1.4.0
IMPROVEMENTS
* Drop Python 3.3 support, and test on 3.5 and 3.6.
* Add support for Python 3.7 and 3.8.
* Improve readability of SubUnit v2 spec.
* Add license to setup.py.
BUGFIXES
* Migrate Gtk interface to GObject introspection.
* Fix file open for python3.
* Check written bytes are not None before summing them to offset.
* Correctly handle py3 RawIOBase read().
Very big release! This includes a lot of bug fixes, large portions of the
code rewritten, and some features deprecated or removed. We hope not to
break anyone's code, but we won't keep bugs for compatibility's sake. If
your code broke and the change isn't in the list below, please open an
issue in our tracker.
New:
* Added warning flags to RGBASM: by default, most warnings are disabled
now. Please see man rgbasm for more info
* "LOAD blocks" simplify writing code that should run in RAM; users of
unofficial program rgbbin may want to look into this
* Shiny new assertions, whose checking can be deferred to RGBLINK
* "Unionized" sections offer a sort of cross-file UNION
* More flags in the RGBASM -M family for better automatic dependency
management
* Bracketed symbols can be nested (example)
* SHIFT can now shift multiple times at once
* Long options (such as --version for -V) have been added to all
programs
* RGBASM now accepts escape \r in strings
* INCBIN now works with unseekable files as well
Deprecations and removals:
* As part of a cleanup effort, features previously marked as deprecated
have been removed, such as the CODE section type
* Labels not starting with a dot nor followed by a colon have been
deprecated; in a future version, they will be treated as macro
invocations
* Deprecated OPT z in favor of new and more consistent OPT p
* Deprecated GLOBAL symbol (and its synonym XDEF), as it has the same
effect as EXPORT
* Removed "section-local" charmap (deprecated in 0.3.9)
Changes:
* .sym and .map files are now output sorted
* The argument to rst does not need to be known to RGBASM anymore (so
labels can be used at all times)
* Only labels may have dots in their name now
* Labels beginning with a dot may have whitespace before their
declaration
* DEF() now accepts labels as arguments
* ROMX and WRAMX sections can be used in RGBLINK's -t and -w modes,
respectively
* RGBLINK will report more detailed "error stacks", like RGBASM
* RGBASM tries harder to treat expressions as "constant"
* Second byte of stop can be specified without resorting to using db
For further information on new or changed features, please refer to our
documentation.
Fixes:
* gbz80(7) had incorrect flag descriptions for sub
* Arguments to RGBASM -i have a / implicitly appended if they don't end
with one
* = was treated as identical to set, so = 7, [hl] was valid; this has
been fixed
* Corrected wrong line reporting with REPT blocks
* Changing sections now resets the label scope
* Built-ins and symbols referenced in link-time expressions can no
longer be PURGEd
* __ISO_8601_UTC__ and __ISO_8601_LOCAL__ symbols fixed on Windows (with
a caveat for the latter)
Notes:
* RGBDS is now compiled with optimizations by default. To disable
optimizations, use make CFLAGS=-O0. To compile in "debug mode", build
using make develop instead of make; this requires a fairly specific
configuration, though, and might not work for you.
* Performance of RGBASM and RGBLINK should have been improved (beyond
the above), but we would need help from someone experienced with YACC
/ Bison to make more significant changes
* Reliability across systems and platforms has been improved:
* RGBASM parser grammar has been cleaned up
* Undefined behavior has been removed from various programs
* Nightly builds are available for each commit now ("Actions" tab ⇒
"Regression testing" ⇒ click on the commit name)
* Docs have received an overhaul, including a more responsive and
mobile-friendly styling
* General system stability improvements to enhance the user's experience
4.0.2:
* Add more data for ``ko_KR`` address provider.
* Improved ``pt_PT`` locale for address and bank.
* Add ``port_number`` method to internet provider.
* Add color provider for ``fa_IR`` locale.
* Add formatting options for ``pt_BR`` postcodes.
* Add ``country_calling_code`` to ``phone_number`` provider.
* Fix leap year issue.
* Add ``AutomotiveProvider`` for ``fr_FR`` locale.
* Fix ``cellphone_formats`` in ``pt_BR`` ``PhoneNumberProvider``.
pkgsrc changes:
- Add dbus and ladspa options
- Build with ladspa support on BSD and Linux
- Don't build with SDL2 audio backend on Darwin
Changelog:
- fluidsynth now exits with error when user-provided command-line arguments are out-of-range
- add verbose error logging to opensles and oboe drivers
- fix a memory leak in oboe driver
- fix a NULL dereference in the fluidsynth commandline program
Release 0.16:
Docutils 0.15.x is the last version supporting Python 2.6, 3.3 and 3.4.
Docutils 0.16.x supports Python 2.7 and Python >= 3.5 natively,
without the use of the ``2to3`` tool.
* reStructuredText:
- Keep `backslash escapes`__ in the document tree. This allows, e.g.,
escaping of author-separators in `bibliographic fields`__.
* LaTeX writer:
- Informal titles of type "rubric" default to bold-italic and left aligned.
- Deprecate ``\docutilsrole`` prefix for styling commands:
use ``\DUrole`` instead.
- Fix topic subtitle.
- Add "latex writers" to the `config_section_dependencies`.
- Ignore classes for `rubric` elements
(class wrapper interferes with LaTeX formatting).
* tools/buildhtml.py
- New option "--html-writer" allows to select "html__" (default),
"html4" or "html5".
* docutils/io.py
- Remove the `handle_io_errors` option from io.FileInput/Output.
* docutils/nodes.py
- If `auto_id_prefix`_ ends with "%", this is replaced with the tag name.
* Various bugfixes and improvements (see HISTORY_).
go1.13.10 (released 2020/04/08) includes fixes to the go command, the
runtime, os/exec, and time packages. See the Go 1.13.10 milestone on our
issue tracker for details.
0.2.3:
* Fixed typo.
* Fix typo in comment
* Use pointer to const for strings that aren't/shouldn't be modified
* Squash a couple of warnings in example-deconstructor-alt
* Fix spelling for error message
* Make appveyor config be a hidden file
* Add CHANGES file
* Always output document end before directive (YAML 1.2 compatibility)
* Output document end marker after open ended scalars
* change cmake target name from libOFF.a to libyaml.a
* include/yaml.h: fix comments
* Fixed missing token in example
* Avoid recursion in the document loader.
* Support %YAML 1.2 directives
* Change dllexport controlling macro to use _WIN32
GLib 2.64.2
* Bugs fixed:
- Glib uses _Static_assert in C++17 mode
- gdbus error messages contains mixed up body and head signatures
- Backport !1420 “gmacros.h: avoid using _Static_assert in C++17 mode” to glib-2-64
- Backport various patches to glib-2-64
- docs: Fix configuration with gtk_doc=true and installed_tests=false
- Add missing 'extern' to the dllexport version of GLIB_VAR/GOBJECT_VAR
- Fix arch detection ifdefs in glib/valgrind.h
- glib-unix.c: fix heap corruption in g_unix_get_passwd_entry
- docs: Mention new gio tool options
- gdbusmessage: Fix swapped signatures in error messages
- Backport “gfile: Fallback to fast-content-type if content-type is not set” to glib-2-64
* Translation updates:
- Hebrew
- Romanian
- Ukrainian
* Bump forgotten BUILDLINK_API_DEPENDS.
Changelog:
This is qpdf version 10.0.1. This release includes some small bug
fixes over 10.0.0 including a fix to one regression in
QPDFObjectHandle::getStreamData. If you use that method in your
code, you should definitely take 10.0.1 over 10.0.0.
ICU 66
It updates to Unicode 13 & CLDR 36.1. New, extra Q1 releases for low-risk integration of Unicode 13.
ICU 65
It updates to CLDR 36 locale data with many additions and corrections, and some new measurement units. The Java LocaleMatcher API is improved, and ported to C++. For building ICU data, there are new filtering options, and new tracing support for data loading in ICU4C.
v5.14.2
- Added the missing QTextCodec.convertFromUnicode().
- Added the OpenGL ES bindings.
- Added QFlags.__index__().
v5.14.1
- This is a bug fix release.
v5.14.0
- Added support for Qt v5.14.0.
2.0.4
Fixed a regression in the Windows packaging system (introduced by 2.0 beta1[2]) whereby, if both the 64-bit libjpeg-turbo SDK for GCC and the 64-bit libjpeg-turbo SDK for Visual C++ were installed on the same system, only one of them could be uninstalled.
Fixed a signed integer overflow and subsequent segfault that occurred when attempting to decompress images with more than 715827882 pixels using the 64-bit C version of TJBench.
Fixed out-of-bounds write in tjDecompressToYUV2() and tjDecompressToYUVPlanes() (sometimes manifesting as a double free) that occurred when attempting to decompress grayscale JPEG images that were compressed with a sampling factor other than 1 (for instance, with cjpeg -grayscale -sample 2x2).
Fixed a regression introduced by 2.0.2[5] that caused the TurboJPEG API to incorrectly identify some JPEG images with unusual sampling factors as 4:4:4 JPEG images. This was known to cause a buffer overflow when attempting to decompress some such images using tjDecompressToYUV2() or tjDecompressToYUVPlanes().
Fixed an issue, detected by ASan, whereby attempting to losslessly transform a specially-crafted malformed JPEG image containing an extremely-high-frequency coefficient block (junk image data that could never be generated by a legitimate JPEG compressor) could cause the Huffman encoder's local buffer to be overrun. (Refer to 1.4.0[9] and 1.4beta1[15].) Given that the buffer overrun was fully contained within the stack and did not cause a segfault or other user-visible errant behavior, and given that the lossless transformer (unlike the decompressor) is not generally exposed to arbitrary data exploits, this issue did not likely pose a security risk.
The ARM 64-bit (ARMv8) NEON SIMD assembly code now stores constants in a separate read-only data section rather than in the text section, to support execute-only memory layouts.
2.0.3
Fixed "using JNI after critical get" errors that occurred on Android platforms when passing invalid arguments to certain methods in the TurboJPEG Java API.
Fixed a regression in the SIMD feature detection code, introduced by the AVX2 SIMD extensions (2.0 beta1[1]), that was known to cause an illegal instruction exception, in rare cases, on CPUs that lack support for CPUID leaf 07H (or on which the maximum CPUID leaf has been limited by way of a BIOS setting.)
The 4:4:0 (h1v2) fancy (smooth) chroma upsampling algorithm in the decompressor now uses a similar bias pattern to that of the 4:2:2 (h2v1) fancy chroma upsampling algorithm, rounding up or down the upsampled result for alternate pixels rather than always rounding down. This ensures that, regardless of whether a 4:2:2 JPEG image is rotated or transposed prior to decompression (in the frequency domain) or after decompression (in the spatial domain), the final image will be similar.
Fixed an integer overflow and subsequent segfault that occurred when attempting to compress or decompress images with more than 1 billion pixels using the TurboJPEG API.
Fixed a regression introduced by 2.0 beta1[15] whereby attempting to generate a progressive JPEG image on an SSE2-capable CPU using a scan script containing one or more scans with lengths divisible by 16 would result in an error ("Missing Huffman code table entry") and an invalid JPEG image.
Fixed an issue whereby tjDecodeYUV() and tjDecodeYUVPlanes() would throw an error ("Invalid progressive parameters") or a warning ("Inconsistent progression sequence") if passed a TurboJPEG instance that was previously used to decompress a progressive JPEG image.
2.0.2
Fixed a regression introduced by 2.0.1[5] that prevented a runtime search path (rpath) from being embedded in the libjpeg-turbo shared libraries and executables for macOS and iOS. This caused a fatal error of the form "dyld: Library not loaded" when attempting to use one of the executables, unless DYLD_LIBRARY_PATH was explicitly set to the location of the libjpeg-turbo shared libraries.
Fixed an integer overflow and subsequent segfault (CVE-2018-20330) that occurred when attempting to load a BMP file with more than 1 billion pixels using the tjLoadImage() function.
Fixed a buffer overrun (CVE-2018-19664) that occurred when attempting to decompress a specially-crafted malformed JPEG image to a 256-color BMP using djpeg.
Fixed a floating point exception that occurred when attempting to decompress a specially-crafted malformed JPEG image with a specified image width or height of 0 using the C version of TJBench.
The TurboJPEG API will now decompress 4:4:4 JPEG images with 2x1, 1x2, 3x1, or 1x3 luminance and chrominance sampling factors. This is a non-standard way of specifying 1x subsampling (normally 4:4:4 JPEGs have 1x1 luminance and chrominance sampling factors), but the JPEG format and the libjpeg API both allow it.
Fixed a regression introduced by 2.0 beta1[7] that caused djpeg to generate incorrect PPM images when used with the -colors option.
Fixed an issue whereby a static build of libjpeg-turbo (a build in which ENABLE_SHARED is 0) could not be installed using the Visual Studio IDE.
Fixed a severe performance issue in the Loongson MMI SIMD extensions that occurred when compressing RGB images whose image rows were not 64-bit-aligned.
2.0.1
Fixed a regression introduced with the new CMake-based Un*x build system, whereby jconfig.h could cause compiler warnings of the form "HAVE_*_H" redefined if it was included by downstream Autotools-based projects that used AC_CHECK_HEADERS() to check for the existence of locale.h, stddef.h, or stdlib.h.
The jsimd_quantize_float_dspr2() and jsimd_convsamp_float_dspr2() functions in the MIPS DSPr2 SIMD extensions are now disabled at compile time if the soft float ABI is enabled. Those functions use instructions that are incompatible with the soft float ABI.
Fixed a regression in the SIMD feature detection code, introduced by the AVX2 SIMD extensions (2.0 beta1[1]), that caused libjpeg-turbo to crash on Windows 7 if Service Pack 1 was not installed.
Fixed out-of-bounds read in cjpeg that occurred when attempting to compress a specially-crafted malformed color-index (8-bit-per-sample) Targa file in which some of the samples (color indices) exceeded the bounds of the Targa file's color table.
Fixed an issue whereby installing a fully static build of libjpeg-turbo (a build in which CFLAGS contains -static and ENABLE_SHARED is 0) would fail with "No valid ELF RPATH or RUNPATH entry exists in the file."
2.0.0
The TurboJPEG API can now decompress CMYK JPEG images that have subsampled M and Y components (not to be confused with YCCK JPEG images, in which the C/M/Y components have been transformed into luma and chroma.) Previously, an error was generated ("Could not determine subsampling type for JPEG image") when such an image was passed to tjDecompressHeader3(), tjTransform(), tjDecompressToYUVPlanes(), tjDecompressToYUV2(), or the equivalent Java methods.
Fixed an issue (CVE-2018-11813) whereby a specially-crafted malformed input file (specifically, a file with a valid Targa header but incomplete pixel data) would cause cjpeg to generate a JPEG file that was potentially thousands of times larger than the input file. The Targa reader in cjpeg was not properly detecting that the end of the input file had been reached prematurely, so after all valid pixels had been read from the input, the reader injected dummy pixels with values of 255 into the JPEG compressor until the number of pixels specified in the Targa header had been compressed. The Targa reader in cjpeg now behaves like the PPM reader and aborts compression if the end of the input file is reached prematurely. Because this issue only affected cjpeg and not the underlying library, and because it did not involve any out-of-bounds reads or other exploitable behaviors, it was not believed to represent a security threat.
Fixed an issue whereby the tjLoadImage() and tjSaveImage() functions would produce a "Bogus message code" error message if the underlying bitmap and PPM readers/writers threw an error that was specific to the readers/writers (as opposed to a general libjpeg API error.)
Fixed an issue (CVE-2018-1152) whereby a specially-crafted malformed BMP file, one in which the header specified an image width of 1073741824 pixels, would trigger a floating point exception (division by zero) in the tjLoadImage() function when attempting to load the BMP file into a 4-component image buffer.
Fixed an issue whereby certain combinations of calls to jpeg_skip_scanlines() and jpeg_read_scanlines() could trigger an infinite loop when decompressing progressive JPEG images that use vertical chroma subsampling (for instance, 4:2:0 or 4:4:0.)
Fixed a segfault in jpeg_skip_scanlines() that occurred when decompressing a 4:2:2 or 4:2:0 JPEG image using the merged (non-fancy) upsampling algorithms (that is, when setting cinfo.do_fancy_upsampling to FALSE.)
The new CMake-based build system will now disable the MIPS DSPr2 SIMD extensions if it detects that the compiler does not support DSPr2 instructions.
Fixed out-of-bounds read in cjpeg (CVE-2018-14498) that occurred when attempting to compress a specially-crafted malformed color-index (8-bit-per-sample) BMP file in which some of the samples (color indices) exceeded the bounds of the BMP file's color table.
Fixed a signed integer overflow in the progressive Huffman decoder, detected by the Clang and GCC undefined behavior sanitizers, that could be triggered by attempting to decompress a specially-crafted malformed JPEG image. This issue did not pose a security threat, but removing the warning made it easier to detect actual security issues, should they arise in the future.
v1.11.0
Closed Issues
Please bump mkdirp to fix mkdirp@0.5.1 vulnerability
Support optional-chaining
Please support es module
Support new js proposals: optional-chaining & pipeline-operator
Optional closing not implemented
lsof expects to be able to walk the namecache as a linked list using
kmem grovelling. The namecache on NetBSD now uses rbtree instead of
hash buckets + linked list. While it's certainly possible to iterate an
rbtree using kmem it's also more complicated and code doesn't exist yet.
Unfortunately this means lsof for now doesn't resolve pathnames for
type VREG.
