Upstream changes:
version 1.96 at 2014-10-20 13:27:59 +0000
-----------------------------------------
Change: 67510a440b9b5dfc9705e6e07a324ef8ee29ee67
Author: Chris 'BinGOs' Williams <chris@bingosnet.co.uk>
Date : 2014-10-20 14:27:59 +0000
Updated for v5.21.5
2.6.4
----------
- Improve assertion failure reporting on iterables, by using ndiff and pprint.
- removed outdated japanese docs from source tree.
- docs for "pytest_addhooks" hook. Thanks Bruno Oliveira.
- updated plugin index docs. Thanks Bruno Oliveira.
- fix issue557: with "-k" we only allow the old style "-" for negation
at the beginning of strings and even that is deprecated. Use "not" instead.
This should allow to pick parametrized tests where "-" appeared in the parameter.
- fix issue604: Escape % character in the assertion message.
- fix issue620: add explanation in the --genscript target about what
the binary blob means. Thanks Dinu Gherman.
- fix issue614: fixed pastebin support.
7.0
---
* Issue #80, Issue #209: Eggs that are downloaded for ``setup_requires``,
``test_requires``, etc. are now placed in a ``./.eggs`` directory instead of
directly in the current directory. This choice of location means the files
can be readily managed (removed, ignored). Additionally,
later phases or invocations of setuptools will not detect the package as
already installed and ignore it for permanent install (See #209).
This change is indicated as backward-incompatible as installations that
depend on the installation in the current directory will need to account for
the new location. Systems that ignore ``*.egg`` will probably need to be
adapted to ignore ``.eggs``. The files will need to be manually moved or
will be retrieved again. Most use cases will require no attention.
1.4.26
==================================================
- avoid calling normpath twice in py.path.local
- py.builtin._reraise properly reraises under Python3 now.
- fix issue53 - remove module index, thanks jenisys.
- allow posix path separators when "fnmatch" is called.
Thanks Christian Long for the complete PR.
1.006001 - 2014-10-22
- Name the ->DOES method installed by Role::Tiny
- don't apply threading workarounds on non-threaded perls, even if module for
it is loaded by something
- avoid loading base.pm and just set @ISA manually
- fix some Pod links to Class::Method::Modifiers
- fix applying roles with multiple attributes with defaults to objects
(RT#99217)
- fix Moose inheriting from a Moo class that inherits from a non-M* class
when the Moose class is not made immutable
- fix ->does method on Moose child classes of Moo classes
1.000005 2014-10-25
[ Bug Fixes ]
- Fix short-circuiting optimizations for parameterized HashRef, ArrayRef,
ScalarRef, and Map type constraints.
Fixes RT#99312.
Marcel Timmerman++
<https://rt.cpan.org/Ticket/Display.html?id=99312>
[ Test Suite ]
- Fix annoying warning message in test suite with recent versions of
Exporter::Tiny.
2014-10-26 meld 3.12.1
======================
Fixes:
* Work around change colours not displaying on GTK+ 3.14 (Kai Willadsen)
* Fix missing cache opcodes in some circumstances (Kai Willadsen)
* Fix text view expansion when resizing patch dialog (Kai Willadsen)
* Build fix to always include C locale when LINGUAS is set (Kai Willadsen)
Translations:
* Rafael Ferreira (pt_BR)
* Мирослав Николић (sr, sr@latin)
* Fix name for vcsh_clean. Closes: #766655
* Add darcs grep command using ack-grep. Thanks, Paul Wise.
* Add a clean command. Thanks, Paul Wise. Closes: #702685
* Fix breakage introduced by --minimal patch.
* Deal with abs_path change in new version of perl, now it returns undefined
when the directory does not exist.
* Added --minimal mode. Closes: #694031 Thanks, Paul Wise.
* Use libio-pty-easy-perl when available when captuting command output
(for --minimal or -jN), so that programs that output color to terminals
will be colorized. This is only a recommends as it will fall back to
the old method. Thanks, Paul Wise.
Changelog:
What's new in 1.565.3 (2014/10/01)
Plugin code can be downloaded by anyone with Overall/Read (SECURITY-155)
Stored passwords can be read out from build with parameters page (SECURITY-138)
Multiple cross-site scripting (XSS) vulnerabilities in ZeroClipboard.swf in ZeroClipboard before 1.3.2 as included with Jenkins (SECURITY-149)
Unauthenticated users can make Jenkins behind Apache unresponsive (SECURITY-87)
Users with limited Job/Configure can replace other jobs they have no access to (if they know the name) (SECURITY-128)
CLI calls are causing file descriptor leaks. (issue 23248)
Users with limited Job/Configure can change the kind of job via CLI, getting access to denied job types (SECURITY-127)
Test result trend breaks lazy-loading (issue 23945)
Unable to kill a job which is running (issue 17667)
XSS weakness in load-statistics (SECURITY-143)
Job is removed from ListView after rename (issue 23893)
set-build-result and set-build-parameter do insufficient checks (issue 24080)
Missing no-sniff header (SECURITY-122)
Directory traversal (SECURITY-131)
"incompatible InnerClasses attribute" error in IBM J9 VM (issue 22525)
Arbitrary file system write via DiskFileItem deserialization (SECURITY-159)
Missing SecureFlag cookie (SECURITY-120)
Prevent (private security realm) usernames from being guessed (SECURITY-79 redux!) (SECURITY-110)
Deadlock in OldDataMonitor (issue 24358)
RemoteInvocationHandler.RPCRequest allows invoking any method on an exported object event those not exposed by the exported interface (SECURITY-150)
What's new in 1.565.2 (2014/09/03)
Jenkins needs to check whether the war's directory is writeable before offering to upgrade (issue 23683)
AbstractLazyLoadRunMap.iterator() calls .all() (issue 18065)
Jenkins no longer kills running processes after job fails (issue 22641)
HTTP error 405 when trying to restart ssh host (issue 23094)
Run.delete (from LogRotator) failing with "...looks to have already been deleted" (issue 22395)
file name encoding broken in zip archives (issue 20663)
Kill win32 processes from win64 JVMs (issue 23410)
What's new in 1.565.1 (2014/07/30)
Queue.maintain does disk I/O via PeepholePermalink.resolve (issue 22822)
“Form too large” errors submitting view configurations with many jobs (issue 20327)
NPE on plugin install (issue 20031)
Link to the console output missing in popup when log >200Kb (issue 14264)
Parameters: NPE in canTake() procedures may kill all executors (issue 15094)
NPE from AbstractBuild$AbstractBuildExecution.run (issue 23277)
broken ProjectNamingStrategy Extension (issue 23127)
Move DecoratedLauncher from the custom-tools plugin to the Jenkins Core (issue 19454)
hudson.Launcher:ProcStarter::envs() may throw NPE (issue 20559)
Resource leak in hudson.model.FileParameterValue (issue 22693)
ReverseBuildTrigger.threshold not consistently saved (issue 23191)
AccessRestriction on SecurityListener methods (issue 23417)
After deleting folder, get 404 (issue 23375)
email-ext plugin doesn't handle tokens when slave has gone offline: IAE from AbstractProject.getEnvironment (issue 23517)
Jenkins cannot restart Windows service (issue 22685)
Rules for showing/hiding SCMTrigger.pollingThreadCount option are broken (issue 22934)
What's new in 1.554.3 (2014/06/30)
Queue.maintain does disk I/O via PeepholePermalink.resolve (issue 22822)
Non-recursive ListViews unnecessarily call owner.getAllItems in getItems (issue 22720)
SSH slave connections die after the slave outputs 4MB of stderr, usually during findbugs analysis (issue 22938)
Jenkins cannot restart Windows service (issue 22685)
What's new in 1.554.2 (2014/05/30)
Don't ask for confirmation when it doesn't make any sense (issue 21720)
On a configure screen that has multiple groups of radio buttons, clicking the apply button clears all but the last radio group selection (issue 22570)
Optimize creation of relative links to jobs (issue 18364)
Jenkins asks for confirmation before leaving edited 'View Configuration' page (issue 20597)
OutOfOrderBuildMonitor fails to correct builds with duplicate number (issue 22631)
Computer does not exist returns NPE (issue 21999)
Last build of project reloaded when project asked for later build (issue 22681)
After clicking 'Apply' at least once, 'Save' opens a new window (issue 20245)
hetero-radio should work with multiple instances of the same ui (issue 22583)
Cannot submit configuration after removing groovy step (issue 22582)
No autocompletion and NullPointerException when using 'Copy Existing Job' (issue 22142)
What's new in 1.554.1 (2014/04/30)
NPE if trying to install a plugin from the update center and either the update source or the plugin contains a '.' in its name (issue 22080)
Download update center from master by default (issue 19081)
OutOfMemory due to unbounded storage in OldDataMonitor (issue 19544)
Very slow resource loading from UberClassLoader (issue 21579)
Jetty exploding war to /tmp is a bad idea (issue 22442)
Performance issue with search box (issue 21969)
ArrayIndexOutOfBoundsException during Jenkins.doConfigSubmit; need XStream 1.4.6 (issue 18537)
NullPointerException when trying to mark slave temporarily offline (issue 21875)
Build queue is not filtered after progress updated (issue 20500)
copy-job permission checks wrong (issue 22262)
What's new in 1.532.3 (2014/04/11)
Replace description in error dialog instead of appending (issue 21457)
NPE from xstream.core.JVM.isOpenJDK (issue 21183)
WorkspaceCleanupThread does not handle folders (issue 21023)
Copy Artifact's fingerprinting creates second hudson.tasks.Fingerprinter_-FingerprintAction section with just the artifacts copied (issue 17606)
/login offers link to /opensearch.xml which anonymous users cannot retrieve (issue 21254)
Miscellaneous exceptions in config.xml can prevent entire job from loading (issue 21024)
Jobs named "." can be created, but not built, configured, accessed, ... (issue 21639)
DirectoryBrowserSupport.buildChildPaths does quadratic number of calls to check whether entries are directories (issue 21780)
ZIP file download generates corrupt zip file (issue 20345)
Update credentials plugin to 1.9.4 (issue 21820)
Apply button does not work in IE Compat View (issue 19826)
Deadlock while parallel deletion/rename of jobs (issue 19446)
What's new in 1.532.2 (2014/02/14)
CannotResolveClassException breaks loading of entire containing folder, not just one job (issue 20951)
Default markup formatter permits offsite-bound forms (SECURITY-88)
Using jenkins-cli connecting to HTTPS port fails due to hostname mismatch in certificate (issue 12629)
ApiTokenFilter does not check that the user actually exists (SECURITY-89)
HTTP two-way remoting does not work (jenkins-cli.jar without JNLP) (issue 20128)
Slave launcher fails after NoClassDefFoundError: Could not initialize class jenkins.model.Jenkins$MasterComputer (issue 19453)
StreamCorruptedException (issue 8856)
UI Redressing/ClickJacking (SECURITY-80)
Fail to run 'groovysh' in CLI due to insufficient permission (issue 17929)
Loading projects too slow because of File.isDirectory calls (issue 21078)
HTML metacharacters not escaped in log messages (issue 20800)
Channel's executorService's pool should have a name (issue 19004)
ListView.expand throws ClassCastException: … cannot be cast to hudson.model.TopLevelItem (issue 20415)
Stored XSS (SECURITY-74)
Session Fixation (SECURITY-75)
/heapDump offered to anyone with ADMINISTER (SECURITY-73)
Username Guessing/Enumeration (SECURITY-79)
RingBufferLogHandler throws ArrayIndexOutOfBoundsException after int-overflow (issue 9120)
Iframe Injection (SECURITY-76)
Reflected XSS in Cookie (SECURITY-77)
l:breakable mishandles HTML metacharacters (issue 20928)
Start JNLP slave ignores jar-cache flag (issue 20093)
Stored passwords can be read out from UIs with password fields (SECURITY-93)
Too many open files upon HTTP listener init or shutdown (issue 14336)
Extension point for secure users of Api (issue 16936)
'Apply' error screens don't work (issue 20772)
Workspaces seem to be removed prematurely on concurrent jobs (issue 10615)
Job creators are able to edit or destroy the system configuration via the CLI (SECURITY-108)
Disable\Delete "Remember me on this computer" check box in login screen (issue 15757)
SECURITY-55 fails if downstream project not visible (SECURITY-109)
Builds disappear some time after renaming job (issue 18678)
Use RunAction2 from TestResultAction (issue 18410)
java.lang.NoClassDefFoundError: sun/net/www/protocol/jar/JarURLConnection (issue 20163)
Remote code execution via xstream deserialization in XML API (SECURITY-105)
Jenkins on winstone vulnerable to session hijacking (SECURITY-106)
Jenkins allows anonymous access if the Authorization Strategy can't be loaded (SECURITY-107)
you cannot use the cli without giving Overall read to Anonymous (issue 8815)
What's new in at-spi2-atk 2.14.1:
* Aggressively filter out children-changed signals for objects with
MANAGES_DESCENDANTS (bgo#728319).
What's new in at-spi2-atk 2.13.4:
* Fix typo in .pc file (bgo#721719).
* Fix retrieving text attributes (bgo#731980).
* Correctly remove the socket on exit (bgo#684076).
What's new in at-spi2-atk 2.13.1:
* Add an atexit handler to remove the D-Bus socket (bgo#684076).
* Only send cache-related events for transients when explicitly requested.
Hopefully this will improve performance when we are flooded with them.
(bgo#728319).
Fixes
makefile cleanups
Avoid OOM errors when locked items stuck in tail
If clients occasionally fetch many items, more than can fit the
TCP buffers, then hang for a very long period of time, that slab
class could OOM. In older versions this could cause a crash. Since
1.4.20 this will cause OOM errors.
Now, if a locked item lands in the LRU tail, it will be bumped back
to the head and an lrutail_reflocked counter incremented. If you're
concerned about having stuck clients, watch that counter.
Big thanks to Jay Grizzard et all at Box for helping track this
down!
0.21.1 (2014-10-18)
===================
Features added
--------------
* New ``cythonize`` option ``-a`` to generate the annotated HTML source view.
* Missing C-API declarations in ``cpython.unicode`` were added.
* Passing ``language='c++'`` into cythonize() globally enables C++ mode for
all modules that were not passed as Extension objects (i.e. only source
files and file patterns).
* ``Py_hash_t`` is a known type (used in CPython for hash values).
* ``PySlice_*()`` C-API functions are available from the ``cpython.slice``
module.
* Allow arrays of C++ classes.
Bugs fixed
----------
* Reference leak for non-simple Python expressions in boolean and/or expressions.
* To fix a name collision and to reflect availability on host platforms,
standard C declarations [ clock(), time(), struct tm and tm* functions ]
were moved from posix/time.pxd to a new libc/time.pxd. Patch by Charles
Blake.
* Rerunning unmodified modules in IPython's cython support failed.
Patch by Matthias Bussonier.
* Casting C++ ``std::string`` to Python byte strings failed when
auto-decoding was enabled.
* Fatal exceptions in global module init code could lead to crashes
if the already created module was used later on (e.g. through a
stale reference in sys.modules or elsewhere).
* ``cythonize.py`` script was not installed on MS-Windows.
Other changes
-------------
* Compilation no longer fails hard when unknown compilation options are
passed. Instead, it raises a warning and ignores them (as it did silently
before 0.21). This will be changed back to an error in a future release.
0.55 2014-10-20 23:45 UTC
+ Fix : [RT #99319] : t/18-opinfo.t: test failure due to change in
perl 5 blead
The new METHOP op class added in perl 5.21.5 is now supported.
Thanks James E Keenan for reporting.
2014-10-17
New AsyncioEventLoop for Python 3.4, Python 3.x with asyncio
package or Python 2 with trollius package (by Alex Munroe,
Jonas Wielicki, with earlier work by Kelketek Rritaa)
Screen classes now call back to MainLoop using event loop
alarms instead of passing timeout values to MainLoop (by
Alex Munroe)
Add support for bright backgrounds on linux console (by
Russell Warren)
Allow custom sorting of MonitoredList (by Tony Cebzanov)
Fix support for negative indexes with MonitoredFocusList
(by Heiko Noordhof)
Documentation fixes (by Ismail, Matthew Mosesohn)
TortoiseHg 3.1.2 is a regularly scheduled bug-fix release.
Since 3.1, Mercurial commands are run in separate command server
process. It generally contributes to reliability, but if you have
a faulty extension or an in-process Python hook, it can corrupt
the communication channel between TortoiseHg and the command server.
If you see an error message like "cmdserver: timeout while reading...",
please report it with the list of enabled third-party extensions
and their versions. Currently, reviewboard (#3841) and onsub (#3924)
extensions are known to have this issue.
Bug Fixes
commit: correct boundary value to disable pygments parsing
(refs #3910)
commit: do not show username prompt if ui.user is set (fixes
#3901)
obsolete: look for markers even if intermediate revisions are
hidden
repomodel, sync: fix performance regression on repo having many
named branches (fixes#3912)
tag: propagate --force option properly on remove
Version 0.19.3 - October 2014
* Bug fixes:
- Fix xgettext mishandling of octal character escapes in C.
- Fix autopoint infinite recursion with certain configure.ac.
* The po/Makevars file has a new field MSGINIT_OPTIONS, that can be
used to adjust msginit's operation. This is particularly useful for
controlling line wrapping behavior together with MSGMERGE_OPTIONS
and XGETTEXT_OPTIONS.
* Portability:
- Building on Solaris 10 and 11 with Solaris Studio compiler is now
fixed.
New features and improvements:
* Added support for the -Xclang compiler option.
* Improved handling of exit code of internally executed processes.
* Zero length object files in the cache are now rejected as invalid.
* Bail out on option -gsplit-dwarf (since it produces multiple output files).
* Compiler option -fdebug-prefix-map is now ignored (not part of the hash). (The -fdebug-prefix-map option may be used in combination with CCACHE_BASEDIR to reuse results across different directories.)
* Added note in documentation that --ccache-skip currently does not mean “don’t hash the following option”.
* To enable support for precompiled headers (PCH), CCACHE_SLOPPINESS now also needs to include the new pch_defines sloppiness. This is because ccache can’t detect changes in the source code when only defined macros have been changed.
* Stale files in the internal temporary directory (<ccache_dir>/tmp) are now cleaned up if they are older than one hour.
Bug fixes:
* Fixed path canonicalization in make_relative_path() when path doesn’t exist.
* Fixed bug in common_dir_prefix_length(). This corrects the CCACHE_BASEDIR behavior.
* ccache no longer tries to create the cache directory when CCACHE_DISABLE is set.
* Fixed bug when reading manifests with a very large number of file info entries.
* Fixed problem with logging of current working directory.
changelog:
Changes in version 0.10.12.1
* Fixed compilation on non-head GHCs
Changes in version 0.10.12.0
* Export MVector constructor from Data.Vector.Primitive to match Vector's
(which was already exported).
* Fix building on GHC 7.9 by adding Applicative instances for Id and Box
Upstream changes:
0.09 Jul 7 2014
- Get rid of DB::single
Thank you djerius@cpan.org
- Don't do POD tests
0.08 Jan 29 2014
- Tests may now be run in parallel
Thank you KENTNL@cpan.org
0.07 Jan 17 2014
- Added delete_share
Thank you dmuey@cpan.org
0.06 Jan 16 2014
- Added $INCLUDE_DOTFILES and $INCLUDE_DOTDIRS
Thank you sharyanto@cpan.org
Changelog:
New in NSS 3.17.2
New Functionality
No new functionality is introduced in this release. This is a patch release to fix a regression and other bugs.
Notable Changes in NSS 3.17.2
Bug 1049435: Change RSA_PrivateKeyCheck to not require p > q. This fixes a regression introduced in NSS 3.16.2 that prevented NSS from importing some RSA private keys (such as in PKCS #12 files) generated by other crypto libraries.
Bug 1057161: Check that an imported elliptic curve public key is valid. Previously NSS would only validate the peer's public key before performing ECDH key agreement. Now EC public keys are validated at import time.
Bug 1078669: certutil crashes when an argument is passed to the --certVersion option.
Bugs fixed in NSS 3.17.2
This Bugzilla query returns all the bugs fixed in NSS 3.17.2:
https://bugzilla.mozilla.org/buglist.cgi?resolution=FIXED&classification=Components&query_format=advanced&product=NSS&target_milestone=3.17.2
Compatibility
NSS 3.17.2 shared libraries are backward compatible with all older NSS 3.x shared libraries. A program linked with older NSS 3.x shared libraries will work with NSS 3.17.2 shared libraries without recompiling or relinking. Furthermore, applications that restrict their use of NSS APIs to the functions listed in NSS Public Functions will remain compatible with future versions of the NSS shared libraries.
