Updates to TeX Gyre Adventor and Pagella in version 2.501:
* substantial extension of the repertoires by geometric, math and
technical symbols; in OTF files, stylistic feature ss10 (backward
compatibility with old math symbols) added, marks (anchors) implemented
* only one aggregate map (for each) is included for all encodings
* the contents of the source/fonts/tex-gyre/ directory changed; most
importantly, it contains source *.sfd files
* the relevant LaTeX files haven't been changed, they just got a new time
stamp
Changelog:
2019/01/08 : 1.8.17
- BUG/MAJOR: stream-int: Update the stream expiration date in stream_int_notify()
- MINOR: mux-h2: only increase the connection window with the first update
- BUG/MEDIUM: mux-h2: mark that we have too many CS once we have more than the max
- BUG/MEDIUM: server: Also copy "check-sni" for server templates.
- MINOR: lb: allow redispatch when using consistent hash
- MINOR: stream/cli: fix the location of the waiting flag in "show sess all"
- MINOR: stream/cli: report more info about the HTTP messages on "show sess all"
- BUG/MEDIUM: cli: make "show sess" really thread-safe
- BUG/MINOR: lua: Return an error if a legacy HTTP applet doesn't send anything
- BUG/MINOR: lua: bad args are returned for Lua actions
- BUG/MEDIUM: lua: deadlock when Lua tasks are triggered
- BUG/CRITICAL: mux-h2: re-check the frame length when PRIORITY is used
2018/12/21 : 1.8.16
- BUG/MINOR: logs: leave startup-logs global and not per-thread
- BUG/MEDIUM: dns: Don't prevent reading the last byte of the payload in dns_validate_response()
- BUG/MEDIUM: dns: overflowed dns name start position causing invalid dns error
2018/12/13 : 1.8.15
- MINOR: threads: Make sure threads_sync_pipe is initialized before using it.
- DOC: clarify force-private-cache is an option
- BUG/MINOR: connection: avoid null pointer dereference in send-proxy-v2
- BUG/MINOR: backend: check that the mux installed properly
- BUG/MEDIUM: buffers: Make sure we don't wrap in buffer_insert_line2/replace2.
- MEDIUM: ssl: add support for ciphersuites option for TLSv1.3
- BUG/MEDIUM: Cur/CumSslConns counters not threadsafe.
- BUG/MINOR: checks: queues null-deref
- BUG/MEDIUM: mworker: segfault receiving SIGUSR1 followed by SIGTERM.
- BUG/MEDIUM: stream: don't crash on out-of-memory
- BUILD: ssl: fix null-deref warning in ssl_fc_cipherlist_str sample fetch
- BUILD: ssl: fix another null-deref warning in ssl_sock_switchctx_cbk()
- BUILD: stick-table: make sure not to fail on task_new() during initialization
- BUILD: peers: check allocation error during peers_init_sync()
- DOC: Fix a few typos
- BUG/MEDIUM: threads: fix thread_release() at the end of the rendez-vous point
- BUG/MEDIUM: threads: make sure threads_want_sync is marked volatile
- BUILD: compiler: add a new statement "__unreachable()"
- MINOR: lua: all functions calling lua_yieldk() may return
- BUILD: lua: silence some compiler warnings about potential null derefs (#2)
- BUILD: lua: silence some compiler warnings after WILL_LJMP
- CLEANUP: stick-tables: Remove unneeded double (()) around conditional clause
- BUILD: Makefile: add a "make opts" target to simply show the build options
- BUILD: Makefile: speed up compiler options detection
- BUILD: Makefile: silence an option conflict warning with clang
- MINOR: server: Use memcpy() instead of strncpy().
- MINOR: cfgparse: Write 130 as 128 as 0x82 and 0x80.
- MINOR: peers: use defines instead of enums to appease clang.
- DOC: fix reference to map files in MAINTAINERS
- BUILD: compiler: rename __unreachable() to my_unreachable()
- BUG/MEDIUM: pools: Fix the usage of mmap() with DEBUG_UAF.
- BUG/MEDIUM: h2: Close connection if no stream is left and GOAWAY was sent.
- BUILD: Makefile: add the new ERR variable to force -Werror
- BUG/MINOR: cache: Crashes with "total-max-size" > 2047(MB).
- BUG/MINOR: cache: Wrong usage of shctx_init().
- BUG/MINOR: ssl: Wrong usage of shctx_init().
- DOC: cache: Missing information about "total-max-size"
- BUG/MINOR: only mark connections private if NTLM is detected
- BUG/MINOR: only auto-prefer last server if lb-alg is non-deterministic
- BUG/MAJOR: http: http_txn_get_path() may dereference a nonexistent buffer
- BUG/MEDIUM: auth/threads: use of crypt() is not thread-safe
- BUG/MINOR: config: better detect the presence of the h2 pattern in npn/alpn
- BUG/MEDIUM: Make sure stksess is properly aligned.
- BUG/MINOR: config: Copy default error messages when parsing of a backend starts
- BUG/MEDIUM: hpack: fix encoding of "accept-ranges" field
- BUG/MINOR: ssl: ssl_sock_parse_clienthello ignores session id
- BUG/MINOR: cfgparse: Fix transition between 2 sections with the same name
- BUG/MINOR: cfgparse: Fix the call to post parser of the last sections parsed
- BUG/MINOR: lb-map: fix unprotected update to server's score
- BUG/MEDIUM: sample: Don't treat SMP_T_METH as SMP_T_STR.
- BUG/MINOR: hpack: fix off-by-one in header name encoding length calculation
- BUG/MINOR: mux-h2: refrain from muxing during the preface
- BUG/MINOR: mux-h2: advertise a larger connection window size
- BUILD: compression: fix build error with DEFAULT_MAXZLIBMEM
- BUILD: threads: fix minor build warnings when threads are disabled
- MINOR: stats: report the number of active jobs and listeners in "show info"
- MINOR: servers: Free [idle|safe|priv]_conns on exit.
- DOC: clarify that check-sni needs an argument.
- DOC: refer to check-sni in the documentation of sni
- BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name
- BUG: dns: Prevent out-of-bounds read in dns_read_name()
- BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response()
- BUG: dns: Fix out-of-bounds read via signedness error in dns_validate_dns_response()
- BUG: dns: Fix off-by-one write in dns_validate_dns_response()
- DOC: Update configuration doc about the maximum number of stick counters.
- DOC: restore note about "independant" typo
- DOC: Fix typos in README and CONTRIBUTING
- DOC: Fix typos in different subsections of the documentation
- DOC: fix a few typos in the documentation
This release addresses a recently reported security issue. This DoS
vulnerability in the crypto/elliptic implementations of the P-521 and P-384
elliptic curves may let an attacker craft inputs that consume excessive
amounts of CPU.
These inputs might be delivered via TLS handshakes, X.509 certificates, JWT
tokens, ECDH shares or ECDSA signatures. In some cases, if an ECDH private
key is reused more than once, the attack can also lead to key recovery.
The issue is CVE-2019-6486 and Go issue golang.org/issue/29903.
See the Go issue for more details.
Version 1.4 of filecontents updates the definitions of tab and form
feed for compatibility with the 2018-04-01 LaTeX release. Thanks to
David Carlisle for the code update.
Release 2.1.0
- Allow intentional assignment to variables named _
- Recognize __module__ as a valid name in class scope
- pyflakes.checker.Checker supports checking of partial ast trees
- Detect assign-before-use for local variables which shadow builtin names
- Detect invalid print syntax using >> operator
- Treat async for the same as a for loop for introducing variables
- Add detection for list concatenation in __all__
- Exempt @typing.overload from duplicate function declaration
- Importing a submodule of an as-aliased import-import is marked as
used
- Report undefined names from __all__ as possibly coming from a *
import
- Add support for changes in Python 3.8-dev
- Add support for PEP 563 (from __future__ import annotations)
- Include Python version and platform information in pyflakes --version
- Recognize __annotations__ as a valid magic global in Python 3.6+
- Mark names used in PEP 484 # type: ... comments as used
- Add check for use of is operator with str, bytes, and int
literals
Version 1.55 adds support for the SticksToo text fonts (a reworking of
STIX2) as option stix2 to newtxmath. Along with this addition, there
are some important code differences concerning the treatment of
embedded Blackboard Bold alphabets, and, unique to the behavior under
stix2, the addition of the built-in DSSerif alphabet to the options for
Blackboard Bold alphabet.
2.5.14:
Bugfixes
Correct typo in LineProperties
Exception raised for unsupported image files
Exception raised when cannot find source for non-local cache object
Pull Requests
Add support for nested brackets to the tokeniser
Improvements on handling nested brackets in the tokeniser
v6.7.0:
Hey y'all! This is a quick hotfix release that includes some important fixes to npm@6.6.0 related to the large rewrite/refactor. We're tagging it as a feature release because the changes involve some minor new features, and semver is semver, but there's nothing major here.
NEW FEATURES
Improve usage errors to npm org commands and add optional filtering to npm org ls subcommand.
BUGFIXES
Fix default usage printout for npm org so you actually see how it's supposed to be used.
Fix default usage message for npm hook.
DOCS
Add manpage for npm org command.
DEPENDENCY BUMPS
Fall back to "fullfat" packuments on ETARGET errors. This will make it so that, when a package is published but the corgi follower hasn't caught up, users can still install a freshly-published package.
Fixes auth error for username/password legacy authentication.
Fixes issue with "cannot run in wd" errors for run-scripts.
Fixes issues with leaking signal-exit instances and file descriptors.
19.0.1:
Bug Fixes
- Fix a crash when using --no-cache-dir with PEP 517 distributions
19.0:
Deprecations and Removals
- Deprecate support for Python 3.4
- Start printing a warning for Python 2.7 to warn of impending Python 2.7 End-of-life and
prompt users to start migrating to Python 3.
- Remove the deprecated --process-dependency-links option.
- Remove the deprecated SVN editable detection based on dependency links
during freeze.
Features
- Implement PEP 517 (allow projects to specify a build backend via pyproject.toml).
- Implement manylinux2010 platform tag support. manylinux2010 is the successor
to manylinux1. It allows carefully compiled binary wheels to be installed
on compatible Linux platforms.
- Improve build isolation: handle .pth files, so namespace packages are correctly supported under Python 3.2 and earlier.
- Include the package name in a freeze warning if the package is not installed.
- Warn when dropping an --[extra-]index-url value that points to an existing local directory.
- Prefix pip's --log file lines with their timestamp.
Bug Fixes
- Avoid creating excessively long temporary paths when uninstalling packages.
- Redact the password from the URL in various log messages.
- Avoid printing a stack trace when given an invalid requirement.
- Present 401 warning if username/password do not work for URL
- Handle requests.exceptions.RetryError raised in PackageFinder that was causing pip to fail silently when some indexes were unreachable.
- Handle a broken stdout pipe more gracefully (e.g. when running pip list | head).
- Fix crash from setting PIP_NO_CACHE_DIR=yes.
- Fix crash from unparseable requirements when checking installed packages.
- Fix content type detection if a directory named like an archive is used as a package source.
- Fix listing of outdated packages that are not dependencies of installed packages in pip list --outdated --not-required
- Fix sorting TypeError in move_wheel_files() when installing some packages.
- Fix support for invoking pip using python src/pip ....
- Greatly reduce memory usage when installing wheels containing large files.
- Editable non-VCS installs now freeze as editable.
- Editable Git installs without a remote now freeze as editable.
- Canonicalize sdist file names so they can be matched to a canonicalized package name passed to pip install.
- Properly decode special characters in SVN URL credentials.
- Make PIP_NO_CACHE_DIR disable the cache also for truthy values like "true", "yes", "1", etc.
Vendored Libraries
- Include license text of vendored 3rd party libraries.
- Update certifi to 2018.11.29
- Update colorama to 0.4.1
- Update distlib to 0.2.8
- Update idna to 2.8
- Update packaging to 19.0
- Update pep517 to 0.5.0
- Update pkg_resources to 40.6.3 (via setuptools)
- Update pyparsing to 2.3.1
- Update pytoml to 0.1.20
- Update requests to 2.21.0
- Update six to 1.12.0
- Update urllib3 to 1.24.1
Improved Documentation
- Include the Vendoring Policy in the documentation.
- Add instructions for running pip from source to Development documentation.
- Remove references to removed #egg=<name>-<version> functionality
- Fix omission of command name in HTML usage documentation
2.5:
* **BACKWARDS INCOMPATIBLE:** :term:`U-label` strings were deprecated in
version 2.1, but this version removes the default idna dependency as
well. If you still need this deprecated path please install cryptography
with the idna extra: ``pip install cryptography[idna]``.
* **BACKWARDS INCOMPATIBLE:** The minimum supported PyPy version is now 5.4.
* Numerous classes and functions have been updated to allow :term:`bytes-like`
types for keying material and passwords, including symmetric algorithms, AEAD
ciphers, KDFs, loading asymmetric keys, and one time password classes.
* Updated Windows, macOS, and manylinux1 wheels to be compiled with
OpenSSL 1.1.1a.
* Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA512_224`
and :class:`~cryptography.hazmat.primitives.hashes.SHA512_256` when using
OpenSSL 1.1.1.
* Added support for :class:`~cryptography.hazmat.primitives.hashes.SHA3_224`,
:class:`~cryptography.hazmat.primitives.hashes.SHA3_256`,
:class:`~cryptography.hazmat.primitives.hashes.SHA3_384`, and
:class:`~cryptography.hazmat.primitives.hashes.SHA3_512` when using OpenSSL
1.1.1.
* Added support for :doc:`/hazmat/primitives/asymmetric/x448` when using
OpenSSL 1.1.1.
* Added support for :class:`~cryptography.hazmat.primitives.hashes.SHAKE128`
and :class:`~cryptography.hazmat.primitives.hashes.SHAKE256` when using
OpenSSL 1.1.1.
* Added initial support for parsing PKCS12 files with
:func:`~cryptography.hazmat.primitives.serialization.pkcs12.load_key_and_certificates`.
* Added support for :class:`~cryptography.x509.IssuingDistributionPoint`.
* Added rfc4514_string() method to
:meth:`x509.Name <cryptography.x509.Name.rfc4514_string>`,
:meth:`x509.RelativeDistinguishedName
<cryptography.x509.RelativeDistinguishedName.rfc4514_string>`, and
:meth:`x509.NameAttribute <cryptography.x509.NameAttribute.rfc4514_string>`
to format the name or component as an :rfc:`4514` Distinguished Name string.
* Added
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.from_encoded_point`,
which immediately checks if the point is on the curve and supports compressed
points. Deprecated the previous method
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.from_encoded_point`.
* Added :attr:`~cryptography.x509.ocsp.OCSPResponse.signature_hash_algorithm`
to OCSPResponse.
* Updated :doc:`/hazmat/primitives/asymmetric/x25519` support to allow
additional serialization methods. Calling
:meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PublicKey.public_bytes`
with no arguments has been deprecated.
* Added support for encoding compressed and uncompressed points via
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicKey.public_bytes`. Deprecated the previous method
:meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePublicNumbers.encode_point`.
Changes with Apache 2.4.38
*) SECURITY: CVE-2018-17199 (cve.mitre.org)
mod_session: mod_session_cookie does not respect expiry time allowing
sessions to be reused.
*) SECURITY: CVE-2018-17189 (cve.mitre.org)
mod_http2: fixes a DoS attack vector. By sending slow request bodies
to resources not consuming them, httpd cleanup code occupies a server
thread unnecessarily. This was changed to an immediate stream reset
which discards all stream state and incoming data.
*) SECURITY: CVE-2019-0190 (cve.mitre.org)
mod_ssl: Fix infinite loop triggered by a client-initiated
renegotiation in TLSv1.2 (or earlier) with OpenSSL 1.1.1 and
later.
*) mod_ssl: Clear retry flag before aborting client-initiated renegotiation.
*) mod_negotiation: Treat LanguagePriority as case-insensitive to match
AddLanguage behavior and HTTP specification.
*) mod_md: incorrect behaviour when synchronizing ongoing ACME challenges
has been fixed.
*) mod_setenvif: We can have expressions that become true if a regex pattern
in the expression does NOT match. In this case val is NULL
and we should just set the value for the environment variable
like in the pattern case.
*) mod_session: Always decode session attributes early.
*) core: Incorrect values for environment variables are substituted when
multiple environment variables are specified in a directive.
*) mod_rewrite: Only create the global mutex used by "RewriteMap prg:" when
this type of map is present in the configuration.
*) mod_dav: Fix invalid Location header when a resource is created by
passing an absolute URI on the request line.
*) mod_session_cookie: avoid duplicate Set-Cookie header in the response.
*) mod_ssl: clear *SSL errors before loading certificates and checking
afterwards. Otherwise errors are reported when other SSL using modules
are in play.
*) mod_ssl: Fix the error code returned in an error path of
'ssl_io_filter_handshake()'. This messes up error handling performed
in 'ssl_io_filter_error()'.
*) mod_ssl: Fix $HTTPS definition for "SSLEngine optional" case, and fix
authz provider so "Require ssl" works correctly in HTTP/2.
*) mod_proxy: If ProxyPassReverse is used for reverse mapping of relative
redirects, subsequent ProxyPassReverse statements, whether they are
relative or absolute, may fail.
*) mod_lua: Now marked as a stable module