Pkgsrc changes:
* Fix == in shell script test.
* Add some patches to make this build on NetBSD.
Upstream changes:
## 1.2.3 (September 12, 2019)
FEATURES:
* Oracle Cloud (OCI) Integration: Vault now support using Oracle
Cloud for storage, auto unseal, and authentication.
IMPROVEMENTS:
* auth/jwt: Groups claim matching now treats a string response
as a single element list [JWT-63]
* auth/kubernetes: enable better support for projected tokens
API by allowing user to specify issuer [GH-65]
* auth/pcf: The PCF auth plugin was renamed to the CF auth plugin,
maintaining full backwards compatibility [GH-7346]
* replication: Premium packages now come with unlimited performance
standby nodes
BUG FIXES:
* agent: Allow batch tokens and other non-renewable tokens to be
used for agent operations [GH-7441]
* auth/jwt: Fix an error where newer (v1.2) token_* configuration
parameters were not being applied to tokens generated using
the OIDC login flow [JWT-67]
* seal/transit: Allow using Vault Agent for transit seal operations
[GH-7441]
* storage/couchdb: Fix a file descriptor leak [GH-7345]
* ui: Fix a bug where the status menu would disappear when trying
to revoke a token [GH-7337]
* ui: Fix a regression that prevented input of custom items in
search-select [GH-7338]
* ui: Fix an issue with the namespace picker being unable to
render nested namespaces named with numbers and sorting of
namespaces in the picker [GH-7333]
## 1.2.2 (August 15, 2019)
CHANGES:
* auth/pcf: The signature format has been updated to use the
standard Base64 encoding instead of the URL-safe variant.
Signatures created using the previous format will continue to
be accepted [PCF-27]
* core: The http response code returned when an identity token
key is not found has been changed from 400 to 404
IMPROVEMENTS:
* identity: Remove 512 entity limit for groups [GH-7317]
BUG FIXES:
* auth/approle: Fix an error where an empty token_type string
was not being correctly handled as TokenTypeDefault [GH-7273]
* auth/radius: Fix panic when logging in [GH-7286]
* ui: the string-list widget will now honor multiline input [GH-7254]
* ui: various visual bugs in the KV interface were addressed [GH-7307]
* ui: fixed incorrect URL to access help in LDAP auth [GH-7299]
1.2.1 (August 6th, 2019)
BUG FIXES:
* agent: Fix a panic on creds pulling in some error conditions
in aws and alicloud auth methods [GH-7238]
* auth/approle: Fix error reading role-id on a role created
pre-1.2 [GH-7231]
* auth/token: Fix sudo check in non-root namespaces on create
[GH-7224]
* core: Fix health checks with perfstandbyok=true returning the
wrong status code [GH-7240]
* ui: The web CLI will now parse input as a shell string, with
special characters escaped [GH-7206]
* ui: The UI will now redirect to a page after authentication
[GH-7088]
* ui (Enterprise): The list of namespaces is now cleared when
logging out [GH-7186]
## 1.2.0 (July 30th, 2019)
CHANGES:
* Token store roles use new, common token fields for the values
that overlap with other auth backends. period, explicit_max_ttl,
and bound_cidrs will continue to work, with priority being
given to the token_ prefixed versions of those parameters. They
will also be returned when doing a read on the role if they
were used to provide values initially; however, in Vault 1.4
if period or explicit_max_ttl is zero they will no longer be
returned. (explicit_max_ttl was already not returned if empty.)
* Due to underlying changes in Go version 1.12 and Go > 1.11.5,
Vault is now stricter about what characters it will accept in
path names. Whereas before it would filter out unprintable
characters (and this could be turned off), control characters
and other invalid characters are now rejected within Go's HTTP
library before the request is passed to Vault, and this cannot
be disabled. To continue using these (e.g. for already-written
paths), they must be properly percent-encoded (e.g. \r becomes
%0D, \x00 becomes %00, and so on).
* The user-configured regions on the AWSKMS seal stanza will now
be preferred over regions set in the enclosing environment.
This is a breaking change.
* All values in audit logs now are omitted if they are empty.
This helps reduce the size of audit log entries by not reproducing
keys in each entry that commonly don't contain any value, which
can help in cases where audit log entries are above the maximum
UDP packet size and others.
* Both PeriodicFunc and WALRollback functions will be called if
both are provided. Previously WALRollback would only be called
if PeriodicFunc was not set. See GH-6717 for details.
* Vault now uses Go's official dependency management system, Go
Modules, to manage dependencies. As a result to both reduce
transitive dependencies for API library users and plugin authors,
and to work around various conflicts, we have moved various
helpers around, mostly under an sdk/ submodule. A couple of
functions have also moved from plugin helper code to the api/
submodule. If you are a plugin author, take a look at some of
our official plugins and the paths they are importing for
guidance.
* AppRole uses new, common token fields for values that overlap
with other auth backends. period and policies will continue to
work, with priority being given to the token_ prefixed versions
of those parameters. They will also be returned when doing a
read on the role if they were used to provide values initially.
* In AppRole, "default" is no longer automatically added to the
policies parameter. This was a no-op since it would always be
added anyways by Vault's core; however, this can now be explicitly
disabled with the new token_no_default_policy field.
* In AppRole, bound_cidr_list is no longer returned when reading
a role
* rollback: Rollback will no longer display log messages when it
runs; it will only display messages on error.
* Database plugins will now default to 4 max_open_connections
rather than 2.
FEATURES:
* Integrated Storage: Vault 1.2 includes a tech preview of a new
way to manage storage directly within a Vault cluster. This
new integrated storage solution is based on the Raft protocol
which is also used to back HashiCorp Consul and HashiCorp Nomad.
* Combined DB credential rotation: Alternative mode for the
Combined DB Secret Engine to automatically rotate existing
database account credentials and set Vault as the source of
truth for credentials.
* Identity Tokens: Vault's Identity system can now generate
OIDC-compliant ID tokens. These customizable tokens allow
encapsulating a signed, verifiable snapshot of identity
information and metadata. They can be use by other applications-even
those without Vault authorization-as a way of establishing
identity based on a Vault entity.
* Pivotal Cloud Foundry plugin: New auth method using Pivotal
Cloud Foundry certificates for Vault authentication.
* ElasticSearch database plugin: New ElasticSearch database plugin
issues unique, short-lived ElasticSearch credentials.
* New UI Features: An HTTP Request Volume Page and new UI for
editing LDAP Users and Groups have been added.
* HA support for Postgres: PostgreSQL versions >= 9.5 may now
but used as and HA storage backend.
* KMIP secrets engine (Enterprise): Allows Vault to operate as
a KMIP Server, seamlessly brokering cryptographic operations
for traditional infrastructure.
* Common Token Fields: Auth methods now use common fields for
controlling token behavior, making it easier to understand
configuration across methods.
* Vault API explorer: The Vault UI now includes an embedded API
explorer where you can browse the endpoints avaliable to you
and make requests. To try it out, open the Web CLI and type
api.
IMPROVEMENTS:
* agent: Allow EC2 nonce to be passed in [GH-6953]
* agent: Add optional namespace parameter, which sets the default
namespace for the auto-auth functionality [GH-6988]
* agent: Add cert auto-auth method [GH-6652]
* api: Add support for passing data to delete operations via
DeleteWithData [GH-7139]
* audit/file: Dramatically speed up file operations by changing
locking/marshaling order [GH-7024]
* auth/jwt: A JWKS endpoint may now be configured for signature
verification [JWT-43]
* auth/jwt: A new verbose_oidc_logging role parameter has been
added to help troubleshoot OIDC configuration [JWT-57]
* auth/jwt: bound_claims will now match received claims that are
lists if any element of the list is one of the expected values
[JWT-50]
* auth/jwt: Leeways for nbf and exp are now configurable, as is
clock skew leeway [JWT-53]
* auth/kubernetes: Allow service names/namespaces to be configured
as globs [KUBEAUTH-58]
* auth/token: Allow the support of the identity system for the
token backend via token roles [GH-6267]
* auth/token: Add a large set of token configuration options to
token store roles [GH-6662]
* cli: path-help now allows -format=json to be specified, which
will output OpenAPI [GH-7006]
* cli: Add support for passing parameters to vault delete operations
[GH-7139]
* cli: Add a log-format CLI flag that can specify either "standard"
or "json" for the log format for the vault servercommand.
[GH-6840]
* cli: Add -dev-no-store-token to allow dev servers to not store
the generated token at the tokenhelper location [GH-7104]
* identity: Allow a group alias' canonical ID to be modified
* namespaces: Namespaces can now be created and deleted from
performance replication secondaries
* plugins: Change the default for max_open_connections for DB
plugins to 4 [GH-7093]
* replication: Client TLS authentication is now supported when
enabling or updating a replication secondary
* secrets/database: Cassandra operations will now cancel on client
timeout [GH-6954]
* secrets/kv: Add optional delete_version_after parameter, which
takes a duration and can be set on the mount and/or the metadata
for a specific key [GH-7005]
* storage/postgres: LIST now performs better on large datasets
[GH-6546]
* storage/s3: A new path parameter allows selecting the path
within a bucket for Vault data [GH-7157]
* ui: KV v1 and v2 will now gracefully degrade allowing a write
without read workflow in the UI [GH-6570]
* ui: Many visual improvements with the addition of Toolbars
[GH-6626], the restyling of the Confirm Action component
[GH-6741], and using a new set of glyphs for our Icon component
[GH-6736]
* ui: Lazy loading parts of the application so that the total
initial payload is smaller [GH-6718]
* ui: Tabbing to auto-complete in filters will first complete a
common prefix if there is one [GH-6759]
* ui: Removing jQuery from the application makes the initial JS
payload smaller [GH-6768]
BUG FIXES:
* audit: Log requests and responses due to invalid wrapping token
provided [GH-6541]
* audit: Fix bug preventing request counter queries from working
with auditing enabled [GH-6767
* auth/aws: AWS Roles are now upgraded and saved to the latest
version just after the AWS credential plugin is mounted.
[GH-7025]
* auth/aws: Fix a case where a panic could stem from a malformed
assumed-role ARN when parsing this value [GH-6917]
* auth/aws: Fix an error complaining about a read-only view that
could occur during updating of a role when on a performance
replication secondary [GH-6926]
* auth/jwt: Fix a regression introduced in 1.1.1 that disabled
checking of client_id for OIDC logins [JWT-54]
* auth/jwt: Fix a panic during OIDC CLI logins that could occur
if the Vault server response is empty [JWT-55]
* auth/jwt: Fix issue where OIDC logins might intermittently fail
when using performance standbys [JWT-61]
* identity: Fix a case where modifying aliases of an entity could
end up moving the entity into the wrong namespace
* namespaces: Fix a behavior (currently only known to be benign)
where we wouldn't delete policies through the official functions
before wiping the namespaces on deletion
* secrets/database: Escape username/password before using in
connection URL [GH-7089]
* secrets/pki: Forward revocation requests to active node when
on a performance standby [GH-7173]
* ui: Fix timestamp on some transit keys [GH-6827]
* ui: Show Entities and Groups in Side Navigation [GH-7138]
* ui: Ensure dropdown updates selected item on HTTP Request
Metrics page
## 1.1.4/1.1.5 (July 25th/30th, 2019)
NOTE:
Although 1.1.4 was tagged, we realized very soon after the tag was
publicly pushed that an intended fix was accidentally left out. As
a result, 1.1.4 was not officially announced and 1.1.5 should be
used as the release after 1.1.3.
IMPROVEMENTS:
* identity: Allow a group alias' canonical ID to be modified
* namespaces: Improve namespace deletion performance [GH-6939]
* namespaces: Namespaces can now be created and deleted from
performance replication secondaries
BUG FIXES:
* api: Add backwards compat support for API env vars [GH-7135]
* auth/aws: Fix a case where a panic could stem from a malformed
assumed-role ARN when parsing this value [GH-6917]
* auth/ldap: Add use_pre111_group_cn_behavior flag to allow
recovering from a regression caused by a bug fix starting in
1.1.1 [GH-7208]
* auth/aws: Use a role cache to avoid separate locking paths
[GH-6926]
* core: Fix a deadlock if a panic happens during request handling
[GH-6920]
* core: Fix an issue that may cause key upgrades to not be cleaned
up properly [GH-6949]
* core: Don't shutdown if key upgrades fail due to canceled
context [GH-7070]
* core: Fix panic caused by handling requests while vault is
inactive
* identity: Fix reading entity and groups that have spaces in
their names [GH-7055]
* identity: Ensure entity alias operations properly verify
namespace [GH-6886]
* mfa: Fix a nil pointer panic that could occur if invalid Duo
credentials were supplied
* replication: Forward step-down on perf standbys to match HA
behavior
* replication: Fix various read only storage errors on performance
standbys
* replication: Stop forwarding before stopping replication to
eliminate some possible bad states
* secrets/database: Allow cassandra queries to be cancled [GH-6954]
* storage/consul: Fix a regression causing vault to not connect
to consul over unix sockets [GH-6859]
* ui: Fix saving of TTL and string array fields generated by Open
API [GH-7094]
## 1.1.3 (June 5th, 2019)
IMPROVEMENTS:
* agent: Now supports proxying request query parameters [GH-6772]
* core: Mount table output now includes a UUID indicating the
storage path [GH-6633]
* core: HTTP server timeout values are now configurable [GH-6666]
* replication: Improve performance of the reindex operation on
secondary clusters when mount filters are in use
* replication: Replication status API now returns the state and
progress of a reindex
BUG FIXES:
* api: Return the Entity ID in the secret output [GH-6819]
* auth/jwt: Consider bound claims when considering if there is at least one
bound constraint [JWT-49]
* auth/okta: Fix handling of group names containing slashes [GH-6665]
* cli: Add deprecated stored-shares flag back to the init command [GH-6677]
* cli: Fix a panic when the KV command would return no data [GH-6675]
* cli: Fix issue causing CLI list operations to not return proper format when
there is an empty response [GH-6776]
* core: Correctly honor non-HMAC request keys when auditing requests [GH-6653]
* core: Fix the `x-vault-unauthenticated` value in OpenAPI for a number of
endpoints [GH-6654]
* core: Fix issue where some OpenAPI parameters were incorrectly listed as
being sent as a header [GH-6679]
* core: Fix issue that would allow duplicate mount names to be used [GH-6771]
* namespaces: Fix behavior when using `root` instead of `root/` as the
namespace header value
* pki: fix a panic when a client submits a null value [GH-5679]
* replication: Properly update mount entry cache on a secondary to apply all
new values after a tune
* replication: Properly close connection on bootstrap error
* replication: Fix an issue causing startup problems if a namespace policy
wasn't replicated properly
* replication: Fix longer than necessary WAL replay during an initial reindex
* replication: Fix error during mount filter invalidation on DR
secondary clusters
* secrets/ad: Make time buffer configurable [AD-35]
* secrets/gcp: Check for nil config when getting credentials [SGCP-35]
* secrets/gcp: Fix error checking in some cases where the returned value could
be 403 instead of 404 [SGCP-37]
* secrets/gcpkms: Disable key rotation when deleting a key [GCPKMS-10]
* storage/consul: recognize `https://` address even if schema not specified
[GH-6602]
* storage/dynamodb: Fix an issue where a deleted lock key in DynamoDB (HA)
could cause constant switching of the active node [GH-6637]
* storage/dynamodb: Eliminate a high-CPU condition that could occur if an
error was received from the DynamoDB API [GH-6640]
* storage/gcs: Correctly use configured chunk size values [GH-6655]
* storage/mssql: Use the correct database when pre-created schemas exist
[GH-6356]
* ui: Fix issue with select arrows on drop down menus [GH-6627]
* ui: Fix an issue where sensitive input values weren't being saved to the
server [GH-6586]
* ui: Fix web cli parsing when using quoted values [GH-6755]
* ui: Fix a namespace workflow mapping identities from external namespaces by
allowing arbitrary input in search-select component [GH-6728]
* core: Fix issue that would allow duplicate mount names to be used [GH-6771]
* namespaces: Fix behavior when using `root` instead of `root/` as the
namespace header value
* pki: fix a panic when a client submits a null value [GH-5679]
* replication: Properly update mount entry cache on a secondary to apply all
new values after a tune
* replication: Properly close connection on bootstrap error
* replication: Fix an issue causing startup problems if a namespace policy
wasn't replicated properly
* replication: Fix longer than necessary WAL replay during an initial reindex
* replication: Fix error during mount filter invalidation on DR
secondary clusters
* secrets/ad: Make time buffer configurable [AD-35]
* secrets/gcp: Check for nil config when getting credentials [SGCP-35]
* secrets/gcp: Fix error checking in some cases where the returned value could
be 403 instead of 404 [SGCP-37]
* secrets/gcpkms: Disable key rotation when deleting a key [GCPKMS-10]
* storage/consul: recognize `https://` address even if schema not specified
[GH-6602]
* storage/dynamodb: Fix an issue where a deleted lock key in DynamoDB (HA)
could cause constant switching of the active node [GH-6637]
* storage/dynamodb: Eliminate a high-CPU condition that could occur if an
error was received from the DynamoDB API [GH-6640]
* storage/gcs: Correctly use configured chunk size values [GH-6655]
* storage/mssql: Use the correct database when pre-created schemas exist
[GH-6356]
* ui: Fix issue with select arrows on drop down menus [GH-6627]
* ui: Fix an issue where sensitive input values weren't being saved to the
server [GH-6586]
* ui: Fix web cli parsing when using quoted values [GH-6755]
* ui: Fix a namespace workflow mapping identities from external namespaces by
allowing arbitrary input in search-select component [GH-6728]
## 1.1.2 (April 18th, 2019)
This is a bug fix release containing the two items below. It is otherwise
unchanged from 1.1.1.
BUG FIXES:
* auth/okta: Fix a potential dropped error [GH-6592]
* secrets/kv: Fix a regression on upgrade where a KVv2 mount could fail to be
mounted on unseal if it had previously been mounted but not written to
[KV-31]
## 1.1.1 (April 11th, 2019)
SECURITY:
* Given: (a) performance replication is enabled; (b) performance standbys are
in use on the performance replication secondary cluster; and (c) mount
filters are in use, if a mount that was previously available to a secondary
is updated to be filtered out, although the data would be removed from the
secondary cluster, the in-memory cache of the data would not be purged on
the performance standby nodes. As a result, the previously-available data
could still be read from memory if it was ever read from disk, and if this
included mount configuration data this could result in token or lease
BUG FIXES:
* agent: Allow auto-auth to be used with caching without having to define any
sinks [GH-6468]
* agent: Disallow some nonsensical config file combinations [GH-6471]
* auth/ldap: Fix CN check not working if CN was not all in uppercase [GH-6518]
* auth/jwt: The CLI helper for OIDC logins will now open the
browser to the correct URL when running on Windows [JWT-37]
* auth/jwt: Fix OIDC login issue where configured TLS certs weren't
being used [JWT-40]
* auth/jwt: Fix an issue where the `oidc_scopes` parameter was
not being included in the response to a role read request [JWT-35]
* core: Fix seal migration case when migrating to Shamir and a seal block
wasn't explicitly specified [GH-6455]
* core: Fix unwrapping when using namespaced wrapping tokens [GH-6536]
* core: Fix incorrect representation of required properties in OpenAPI output
[GH-6490]
* core: Fix deadlock that could happen when using the UI [GH-6560]
* identity: Fix updating groups removing existing members [GH-6527]
* identity: Properly invalidate group alias in performance secondary [GH-6564]
* identity: Use namespace context when loading entities and groups to ensure
merging of duplicate entries works properly [GH-6563]
* replication: Fix performance standby election failure [GH-6561]
* replication: Fix mount filter invalidation on performance standby nodes
* replication: Fix license reloading on performance standby nodes
* replication: Fix handling of control groups on performance standby nodes
* replication: Fix some forwarding scenarios with request bodies using
performance standby nodes [GH-6538]
* secret/gcp: Fix roleset binding when using JSON [GCP-27]
* secret/pki: Use `uri_sans` param in when not using CSR parameters [GH-6505]
* storage/dynamodb: Fix a race condition possible in HA configurations
that could leave the cluster without a leader [GH-6512]
* ui: Fix an issue where in production builds OpenAPI model
generation was failing, causing any form using it to render
labels with missing fields [GH-6474]
* ui: Fix issue nav-hiding when moving between namespaces [GH-6473]
* ui: Secrets will always show in the nav regardless of access to
cubbyhole [GH-6477]
* ui: fix SSH OTP generation [GH-6540]
* ui: add polyfill to load UI in IE11 [GH-6567]
* ui: Fix issue where some elements would fail to work properly if using ACLs
with segment-wildcard paths (`/+/` segments) [GH-6525]
## 1.1.0 (March 18th, 2019)
CHANGES:
* auth/jwt: The `groups_claim_delimiter_pattern` field has been removed. If the
groups claim is not at the top level, it can now be specified as a
[JSONPointer](https://tools.ietf.org/html/rfc6901).
* auth/jwt: Roles now have a "role type" parameter with a default type of
"oidc". To configure new JWT roles, a role type of "jwt" must be explicitly
specified.
* cli: CLI commands deprecated in 0.9.2 are now removed. Please see the CLI
help/warning output in previous versions of Vault for updated commands.
* core: Vault no longer automatically mounts a K/V backend at the "secret/"
path when initializing Vault
* core: Vault's cluster port will now be open at all times on HA standby nodes
* plugins: Vault no longer supports running netRPC plugins. These were
deprecated in favor of gRPC based plugins and any plugin built since 0.9.4
defaults to gRPC. Older plugins may need to be recompiled against the latest
Vault dependencies.
FEATURES:
* **Vault Agent Caching**: Vault Agent can now be configured to act as a
caching proxy to Vault. Clients can send requests to Vault Agent and the
request will be proxied to the Vault server and cached locally in Agent.
Currently Agent will cache generated leases and tokens and keep them
renewed. The proxy can also use the Auto Auth feature so clients do not need
to authenticate to Vault, but rather can make requests to Agent and have
Agent fully manage token lifecycle.
* **OIDC Redirect Flow Support**: The JWT auth backend now supports OIDC
roles. These allow authentication via an OIDC-compliant provider via the
user's browser. The login may be initiated from the Vault UI or through
the `vault login` command.
* **ACL Path Wildcard**: ACL paths can now use the `+` character to enable
wild card matching for a single directory in the path definition.
* **Transit Auto Unseal**: Vault can now be configured to use the Transit
Secret Engine in another Vault cluster as an auto unseal provider.
IMPROVEMENTS:
* auth/jwt: A default role can be set. It will be used during
JWT/OIDC logins if a role is not specified.
* auth/jwt: Arbitrary claims data can now be copied into token &
alias metadata.
* auth/jwt: An arbitrary set of bound claims can now be configured for a role.
* auth/jwt: The name "oidc" has been added as an alias for the
jwt backend. Either name may be specified in the `auth enable` command.
* command/server: A warning will be printed when 'tls_cipher_suites'
includes a blacklisted cipher suite or all cipher suites are blacklisted
by the HTTP/2 specification [GH-6300]
* core/metrics: Prometheus pull support using a new sys/metrics
endpoint. [GH-5308]
* core: On non-windows platforms a SIGUSR2 will make the server log a dump of
all running goroutines' stack traces for debugging purposes [GH-6240]
* replication: The initial replication indexing process on newly
initialized or upgraded clusters now runs asynchronously
* sentinel: Add token namespace id and path, available in rules as
token.namespace.id and token.namespace.path
* ui: The UI is now leveraging OpenAPI definitions to pull in
fields for various forms. This means, it will not be necessary to add
fields on the go and JS sides in the future. [GH-6209]
BUG FIXES:
* auth/jwt: Apply `bound_claims` validation across all login paths
* auth/jwt: Update `bound_audiences` validation during non-OIDC
logins to accept any matched audience, as documented and handled
in OIDC logins [JWT-30]
* auth/token: Fix issue where empty values for token role update call were
ignored [GH-6314]
* core: The `operator migrate` command will no longer hang on empty key names
[GH-6371]
* identity: Fix a panic at login when external group has a nil alias [GH-6230]
* namespaces: Clear out identity store items upon namespace deletion
* replication/perfstandby: Fixed a bug causing performance standbys to wait
longer than necessary after forwarding a write to the active node
* replication/mountfilter: Fix a deadlock that could occur when mount filters
were updated [GH-6426]
* secret/kv: Fix issue where a v1âv2 upgrade could run on a performance
standby when using a local mount
* secret/ssh: Fix for a bug where attempting to delete the last ssh role
in the zeroaddress configuration could fail [GH-6390]
* secret/totp: Uppercase provided keys so they don't fail base32 validation
[GH-6400]
* secret/transit: Multiple HMAC, Sign or Verify operations can now be
performed with one API call using the new `batch_input` parameter [GH-5875]
* sys: `sys/internal/ui/mounts` will no longer return secret or auth mounts
that have been filtered. Similarly, `sys/internal/ui/mount/:path` will
return a error response if a filtered mount path is requested. [GH-6412]
* ui: Fix for a bug where you couldn't access the data tab after clicking on
wrap details on the unwrap page [GH-6404]
* ui: Fix an issue where the policies tab was erroneously hidden [GH-6301]
* ui: Fix encoding issues with kv interfaces [GH-6294]
## 1.0.3.1 (March 14th, 2019) (Enterprise Only)
SECURITY:
* A regression was fixed in replication mount filter code introduced in Vault
1.0 that caused the underlying filtered data to be replicated to
secondaries. This data was not accessible to users via Vault's API but via a
combination of privileged configuration file changes/Vault commands it could
be read. Upgrading to this version or 1.1 will fix this issue and cause the
replicated data to be deleted from filtered secondaries. More information
was sent to customer contacts on file.
## 1.0.3 (February 12th, 2019)
CHANGES:
* New AWS authentication plugin mounts will default to using the generated
role ID as the Identity alias name. This applies to both EC2 and IAM auth.
Existing mounts that explicitly set this value will not be affected but
mounts that specified no preference will switch over on upgrade.
* The default policy now allows a token to look up its associated identity
entity either by name or by id [GH-6105]
* The Vault UI's navigation and onboarding wizard now only displays items that
are permitted in a users' policy [GH-5980, GH-6094]
* An issue was fixed that caused recovery keys to not work on
secondary clusters when using a different unseal mechanism/key
than the primary. This would be hit if the cluster was rekeyed
or initialized after 1.0. We recommend rekeying the recovery
keys on the primary cluster if you meet the above requirements.
FEATURES:
* **cURL Command Output**: CLI commands can now use the `-output-curl-string`
flag to print out an equivalent cURL command.
* **Response Headers From Plugins**: Plugins can now send back headers that
will be included in the response to a client. The set of allowed headers can
be managed by the operator.
IMPROVEMENTS:
* auth/aws: AWS EC2 authentication can optionally create entity aliases by
role ID [GH-6133]
* auth/jwt: The supported set of signing algorithms is now configurable [JWT
plugin GH-16]
* core: When starting from an uninitialized state, HA nodes will now attempt
to auto-unseal using a configured auto-unseal mechanism after the active
node initializes Vault [GH-6039]
* secret/database: Add socket keepalive option for Cassandra [GH-6201]
* secret/ssh: Add signed key constraints, allowing enforcement of key types
and minimum key sizes [GH-6030]
* secret/transit: ECDSA signatures can now be marshaled in JWS-compatible
fashion [GH-6077]
* storage/etcd: Support SRV service names [GH-6087]
* storage/aws: Support specifying a KMS key ID for server-side encryption
[GH-5996]
BUG FIXES:
* core: Fix a rare case where a standby whose connection is entirely torn down
to the active node, then reconnects to the same active node, may not
successfully resume operation [GH-6167]
* cors: Don't duplicate headers when they're written [GH-6207]
* identity: Persist merged entities only on the primary [GH-6075]
* replication: Fix a potential race when a token is created and then used with
a performance standby very quickly, before an associated entity has been
replicated. If the entity is not found in this scenario, the request will
forward to the active node.
* replication: Fix issue where recovery keys would not work on secondary
clusters if using a different unseal mechanism than the primary.
* replication: Fix a "failed to register lease" error when using performance
standbys
* storage/postgresql: The `Get` method will now return an Entry object with
the `Key` member correctly populated with the full path that was requested
instead of just the last path element [GH-6044]
## 1.0.2 (January 15th, 2019)
SECURITY:
* When creating a child token from a parent with `bound_cidrs`, the list of
CIDRs would not be propagated to the child token, allowing the child token
to be used from any address.
CHANGES:
* secret/aws: Role now returns `credential_type` instead of `credential_types`
to match role input. If a legacy role that can supply more than one
credential type, they will be concatenated with a `,`.
* physical/dynamodb, autoseal/aws: Instead of Vault performing environment
variable handling, and overriding static (config file) values if found, we
use the default AWS SDK env handling behavior, which also looks for
deprecated values. If you were previously providing both config values and
environment values, please ensure the config values are unset if you want to
use environment values.
* Namespaces (Enterprise): Providing "root" as the header value for
`X-Vault-Namespace` will perform the request on the root namespace. This is
equivalent to providing an empty value. Creating a namespace called "root" in
the root namespace is disallowed.
FEATURES:
* **InfluxDB Database Plugin**: Use Vault to dynamically create
and manage InfluxDB users
IMPROVEMENTS:
* auth/aws: AWS EC2 authentication can optionally create entity aliases by
image ID [GH-5846]
* autoseal/gcpckms: Reduce the required permissions for the GCPCKMS autounseal
[GH-5999]
* physical/foundationdb: TLS support added. [GH-5800]
BUG FIXES:
* api: Fix a couple of places where we were using the `LIST` HTTP verb
(necessary to get the right method into the wrapping lookup function) and
not then modifying it to a `GET`; although this is officially the verb Vault
uses for listing and it's fully legal to use custom verbs, since many WAFs
and API gateways choke on anything outside of RFC-standardized verbs we fall
back to `GET` [GH-6026]
* autoseal/aws: Fix reading session tokens when AWS access key/secret key are
also provided [GH-5965]
* command/operator/rekey: Fix help output showing `-delete-backup` when it
should show `-backup-delete` [GH-5981]
* core: Fix bound_cidrs not being propagated to child tokens
* replication: Correctly forward identity entity creation that originates from
performance standby nodes (Enterprise)
* secret/aws: Make input `credential_type` match the output type (string, not
array) [GH-5972]
* secret/cubbyhole: Properly cleanup cubbyhole after token revocation [GH-6006]
* secret/pki: Fix reading certificates on windows with the file
storage backend [GH-6013]
* ui (enterprise): properly display perf-standby count on the
license page [GH-5971]
* ui: fix disappearing nested secrets and go to the nearest parent
when deleting a secret - [GH-5976]
* ui: fix error where deleting an item via the context menu would fail if the
item name contained dots [GH-6018]
* ui: allow saving of kv secret after an errored save attempt [GH-6022]
* ui: fix display of kv-v1 secret containing a key named "keys" [GH-6023]
## 1.0.1 (December 14th, 2018)
SECURITY:
* Update version of Go to 1.11.3 to fix Go bug
https://github.com/golang/go/issues/29233 which corresponds to
CVE-2018-16875
* Database user revocation: If a client has configured custom revocation
statements for a role with a value of `""`, that statement would be executed
verbatim, resulting in a lack of actual revocation but success for the
operation. Vault will now strip empty statements from any provided; as a
result if an empty statement is provided, it will behave as if no statement
is provided, falling back to the default revocation statement.
CHANGES:
* secret/database: On role read, empty statements will be returned as empty
slices instead of potentially being returned as JSON null values. This makes
it more in line with other parts of Vault and makes it easier for statically
typed languages to interpret the values.
IMPROVEMENTS:
* cli: Strip iTerm extra characters from password manager input [GH-5837]
* command/server: Setting default kv engine to v1 in -dev mode can now be
specified via -dev-kv-v1 [GH-5919]
* core: Add operationId field to OpenAPI output [GH-5876]
* ui: Added ability to search for Group and Policy IDs when creating Groups
and Entities instead of typing them in manually
BUG FIXES:
* auth/azure: Cache azure authorizer [15]
* auth/gcp: Remove explicit project for service account in GCE authorizer [58]
* cli: Show correct stored keys/threshold for autoseals [GH-5910]
* cli: Fix backwards compatibility fallback when listing plugins [GH-5913]
* core: Fix upgrades when the seal config had been created on early versions
of vault [GH-5956]
* namespaces: Correctly reload the proper mount when tuning or reloading the
mount [GH-5937]
* secret/azure: Cache azure authorizer [19]
* secret/database: Strip empty statements on user input [GH-5955]
* secret/gcpkms: Add path for retrieving the public key [5]
* secret/pki: Fix panic that could occur during tidy operation when malformed
data was found [GH-5931]
* secret/pki: Strip empty line in ca_chain output [GH-5779]
* ui: Fixed a bug where the web CLI was not usable via the `fullscreen`
command - [GH-5909]
* ui: Fix a bug where you couldn't write a jwt auth method config [GH-5936]
## 0.11.6 (December 14th, 2018)
This release contains the three security fixes from 1.0.0 and 1.0.1 and the
following bug fixes from 1.0.0/1.0.1:
* namespaces: Correctly reload the proper mount when tuning or reloading the
mount [GH-5937]
* replication/perfstandby: Fix audit table upgrade on standbys [GH-5811]
* replication/perfstandby: Fix redirect on approle update [GH-5820]
* secrets/kv: Fix issue where storage version would get incorrectly downgraded
[GH-5809]
It is otherwise identical to 0.11.5.
## 1.0.0 (December 3rd, 2018)
SECURITY:
* When debugging a customer incident we discovered that in the case of
malformed data from an autoseal mechanism, Vault's master key could be
logged in Vault's server log. For this to happen, the data would need to be
modified by the autoseal mechanism after being submitted to it by Vault but
prior to encryption, or after decryption, prior to it being returned to
Vault. To put it another way, it requires the data that Vault submits for
encryption to not match the data returned after decryption. It is not
sufficient for the autoseal mechanism to return an error, and it cannot be
triggered by an outside attacker changing the on-disk ciphertext as all
autoseal mechanisms use authenticated encryption. We do not believe that
this is generally a cause for concern; since it involves the autoseal
mechanism returning bad data to Vault but with no error, in a working Vault
configuration this code path should never be hit, and if hitting this issue
Vault will not be unsealing properly anyways so it will be obvious what is
happening and an immediate rekey of the master key can be performed after
service is restored. We have filed for a CVE (CVE-2018-19786) and a CVSS V3
score of 5.2 has been assigned.
CHANGES:
* Tokens are now prefixed by a designation to indicate what type of token they
are. Service tokens start with `s.` and batch tokens start with `b.`.
Existing tokens will still work (they are all of service type and will be
considered as such). Prefixing allows us to be more efficient when consuming
a token, which keeps the critical path of requests faster.
* Paths within `auth/token` that allow specifying a token or accessor in the
URL have been removed. These have been deprecated since March 2016 and
undocumented, but were retained for backwards compatibility. They shouldn't
be used due to the possibility of those paths being logged, so at this point
they are simply being removed.
* Vault will no longer accept updates when the storage key has invalid UTF-8
character encoding [GH-5819]
* Mount/Auth tuning the `options` map on backends will now upsert any provided
values, and keep any of the existing values in place if not provided. The
options map itself cannot be unset once it's set, but the keypairs within the
map can be unset if an empty value is provided, with the exception of the
`version` keypair which is handled differently for KVv2 purposes.
* Agent no longer automatically reauthenticates when new credentials are
detected. It's not strictly necessary and in some cases was causing
reauthentication much more often than intended.
* HSM Regenerate Key Support Removed: Vault no longer supports destroying and
regenerating encryption keys on an HSM; it only supports creating them.
Although this has never been a source of a customer incident, it is simply a
code path that is too trivial to activate, especially by mistyping
`regenerate_key` instead of `generate_key`.
* Barrier Config Upgrade (Enterprise): When upgrading from Vault 0.8.x, the
seal type in the barrier config storage entry will be upgraded from
"hsm-auto" to "awskms" or "pkcs11" upon unseal if using AWSKMS or HSM seals.
If performing seal migration, the barrier config should first be upgraded
prior to starting migration.
* Go API client uses pooled HTTP client: The Go API client now uses a
connection-pooling HTTP client by default. For CLI operations this makes no
difference but it should provide significant performance benefits for those
writing custom clients using the Go API library. As before, this can be
changed to any custom HTTP client by the caller.
* Builtin Secret Engines and Auth Methods are integrated deeper into the
plugin system. The plugin catalog can now override builtin plugins with
custom versions of the same name. Additionally the plugin system now
requires a plugin `type` field when configuring plugins, this can be "auth",
"database", or "secret".
FEATURES:
* **Auto-Unseal in Open Source**: Cloud-based auto-unseal has been migrated
from Enterprise to Open Source. We've created a migrator to allow migrating
between Shamir seals and auto unseal methods.
* **Batch Tokens**: Batch tokens trade off some features of service tokens for no
storage overhead, and in most cases can be used across performance
replication clusters.
* **Replication Speed Improvements**: We've worked hard to speed up a lot of
operations when using Vault Enterprise Replication.
* **GCP KMS Secrets Engine**: This new secrets engine provides a Transit-like
pattern to keys stored within GCP Cloud KMS.
* **AppRole support in Vault Agent Auto-Auth**: You can now use AppRole
credentials when having Agent automatically authenticate to Vault
* **OpenAPI Support**: Descriptions of mounted backends can be served directly
from Vault
* **Kubernetes Projected Service Account Tokens**: Projected Service Account
Tokens are now supported in Kubernetes auth
* **Response Wrapping in UI**: Added ability to wrap secrets and easily copy
the wrap token or secret JSON in the UI
IMPROVEMENTS:
* agent: Support for configuring the location of the kubernetes service account
[GH-5725]
* auth/token: New tokens are indexed in storage HMAC-SHA256 instead of SHA1
* secret/totp: Allow @ character to be part of key name [GH-5652]
* secret/consul: Add support for new policy based tokens added in Consul 1.4
[GH-5586]
* ui: Improve the token auto-renew warning, and automatically begin renewal
when a user becomes active again [GH-5662]
* ui: The unbundled UI page now has some styling [GH-5665]
* ui: Improved banner and popup design [GH-5672]
* ui: Added token type to auth method mount config [GH-5723]
* ui: Display additonal wrap info when unwrapping. [GH-5664]
* ui: Empty states have updated styling and link to relevant actions and
documentation [GH-5758]
* ui: Allow editing of KV V2 data when a token doesn't have capabilities to
read secret metadata [GH-5879]
BUG FIXES:
* agent: Fix auth when multiple redirects [GH-5814]
* cli: Restore the `-policy-override` flag [GH-5826]
* core: Fix rekey progress reset which did not happen under certain
circumstances. [GH-5743]
* core: Migration from autounseal to shamir will clean up old keys [GH-5671]
* identity: Update group memberships when entity is deleted [GH-5786]
* replication/perfstandby: Fix audit table upgrade on standbys [GH-5811]
* replication/perfstandby: Fix redirect on approle update [GH-5820]
* secrets/azure: Fix valid roles being rejected for duplicate ids despite
having distinct scopes
[[GH-16]](https://github.com/hashicorp/vault-plugin-secrets-azure/pull/16)
* storage/gcs: Send md5 of values to GCS to avoid potential corruption
[GH-5804]
* secrets/kv: Fix issue where storage version would get incorrectly downgraded
[GH-5809]
* secrets/kv: Disallow empty paths on a `kv put` while accepting empty paths
for all other operations for backwards compatibility
[[GH-19]](https://github.com/hashicorp/vault-plugin-secrets-kv/pull/19)
* ui: Allow for secret creation in kv v2 when cas_required=true [GH-5823]
* ui: Fix dr secondary operation token generation via the ui [GH-5818]
* ui: Fix the PKI context menu so that items load [GH-5824]
* ui: Update DR Secondary Token generation command [GH-5857]
* ui: Fix pagination bug where controls would be rendered once for each
item when viewing policies [GH-5866]
* ui: Fix bug where `sys/leases/revoke` required 'sudo' capability to show
the revoke button in the UI [GH-5647]
* ui: Fix issue where certain pages wouldn't render in a namespace [GH-5692]
## 0.11.5 (November 13th, 2018)
BUG FIXES:
* agent: Fix issue when specifying two file sinks [GH-5610]
* auth/userpass: Fix minor timing issue that could leak the presence of a
username [GH-5614]
* autounseal/alicloud: Fix issue interacting with the API (Enterprise)
* autounseal/azure: Fix key version tracking (Enterprise)
* cli: Fix panic that could occur if parameters were not provided [GH-5603]
* core: Fix buggy behavior if trying to remount into a namespace
* identity: Fix duplication of entity alias entity during alias transfer
between entities [GH-5733]
* namespaces: Fix tuning of auth mounts in a namespace
* ui: Fix bug where editing secrets as JSON doesn't save properly [GH-5660]
* ui: Fix issue where IE 11 didn't render the UI and also had a broken form
when trying to use tool/hash [GH-5714]
## 0.11.4 (October 23rd, 2018)
CHANGES:
* core: HA lock file is no longer copied during `operator migrate` [GH-5503].
We've categorized this as a change, but generally this can be considered
just a bug fix, and no action is needed.
FEATURES:
* **Transit Key Trimming**: Keys in transit secret engine can now be trimmed to
remove older unused key versions
* **Web UI support for KV Version 2**: Browse, delete, undelete and destroy
individual secret versions in the UI
* **Azure Existing Service Principal Support**: Credentials can
now be generated against an existing service principal
IMPROVEMENTS:
* core: Add last WAL in leader/health output for easier debugging [GH-5523]
* identity: Identity names will now be handled case insensitively by default.
This includes names of entities, aliases and groups [GH-5404]
* secrets/aws: Added role-option max_sts_ttl to cap TTL for AWS STS
credentials [GH-5500]
* secret/database: Allow Cassandra user to be non-superuser so long as it has
role creation permissions [GH-5402]
* secret/radius: Allow setting the NAS Identifier value in the generated
packet [GH-5465]
* secret/ssh: Allow usage of JSON arrays when setting zero addresses [GH-5528]
* secret/transit: Allow trimming unused keys [GH-5388]
* ui: Support KVv2 [GH-5547], [GH-5563]
* ui: Allow viewing and updating Vault license via the UI
* ui: Onboarding will now display your progress through the chosen tutorials
* ui: Dynamic secret backends obfuscate sensitive data by default and
visibility is toggleable
BUG FIXES:
* agent: Fix potential hang during agent shutdown [GH-5026]
* auth/ldap: Fix listing of users/groups that contain slashes [GH-5537]
* core: Fix memory leak during some expiration calls [GH-5505]
* core: Fix generate-root operations requiring empty `otp` to be provided
instead of an empty body [GH-5495]
* identity: Remove lookup check during alias removal from entity [GH-5524]
* secret/pki: Fix TTL/MaxTTL check when using `sign-verbatim` [GH-5549]
* secret/pki: Fix regression in 0.11.2+ causing the NotBefore value of
generated certificates to be set to the Unix epoch if the role value was not
set, instead of using the default of 30 seconds [GH-5481]
* storage/mysql: Use `varbinary` instead of `varchar` when creating HA tables
[GH-5529]
## 0.11.3 (October 8th, 2018)
SECURITY:
* Revocation: A regression in 0.11.2 (OSS) and 0.11.0 (Enterprise) caused
lease IDs containing periods (`.`) to not be revoked properly. Upon startup
when revocation is tried again these should now revoke successfully.
IMPROVEMENTS:
* auth/ldap: Listing of users and groups return absolute paths [GH-5537]
* secret/pki: OID SANs can now specify `*` to allow any value [GH-5459]
BUG FIXES:
* auth/ldap: Fix panic if specific values were given to be escaped [GH-5471]
* cli/auth: Fix panic if `vault auth` was given no parameters [GH-5473]
* secret/database/mongodb: Fix panic that could occur at high load [GH-5463]
* secret/pki: Fix CA generation not allowing OID SANs [GH-5459]
upstream changes:
-----------------
GNU Bison NEWS
* Noteworthy changes in release 3.4.2 (2019-09-12) [stable]
** Bug fixes
In some cases, when warnings are disabled, bison could emit tons of white
spaces as diagnostics.
When running out of memory, bison could crash (found by fuzzing).
When defining twice the EOF token, bison would crash.
New warnings from recent compilers have been addressed in the generated
parsers (yacc.c, glr.c, glr.cc).
When lone carriage-return characters appeared in the input file,
diagnostics could hang forever.
* Noteworthy changes in release 3.4.1 (2019-05-22) [stable]
** Bug fixes
Portability fixes.
* Noteworthy changes in release 3.4 (2019-05-19) [stable]
** Deprecated features
The %pure-parser directive is deprecated in favor of '%define api.pure'
since Bison 2.3b (2008-05-27), but no warning was issued; there is one
now. Note that since Bison 2.7 you are strongly encouraged to use
'%define api.pure full' instead of '%define api.pure'.
** New features
*** Colored diagnostics
As an experimental feature, diagnostics are now colored, controlled by the
new options --color and --style.
To use them, install the libtextstyle library before configuring Bison.
It is available from
https://alpha.gnu.org/gnu/gettext/
for instance
https://alpha.gnu.org/gnu/gettext/libtextstyle-0.8.tar.gz
The option --color supports the following arguments:
- always, yes: Enable colors.
- never, no: Disable colors.
- auto, tty (default): Enable colors if the output device is a tty.
To customize the styles, create a CSS file similar to
/* bison-bw.css */
.warning { }
.error { font-weight: 800; text-decoration: underline; }
.note { }
then invoke bison with --style=bison-bw.css, or set the BISON_STYLE
environment variable to "bison-bw.css".
*** Disabling output
When given -fsyntax-only, the diagnostics are reported, but no output is
generated.
The name of this option is somewhat misleading as bison does more than
just checking the syntax: every stage is run (including checking for
conflicts for instance), except the generation of the output files.
*** Include the generated header (yacc.c)
Before, when --defines is used, bison generated a header, and pasted an
exact copy of it into the generated parser implementation file. If the
header name is not "y.tab.h", it is now #included instead of being
duplicated.
To use an '#include' even if the header name is "y.tab.h" (which is what
happens with --yacc, or when using the Autotools' ylwrap), define
api.header.include to the exact argument to pass to #include. For
instance:
%define api.header.include {"parse.h"}
or
%define api.header.include {<parser/parse.h>}
*** api.location.type is now supported in C (yacc.c, glr.c)
The %define variable api.location.type defines the name of the type to use
for locations. When defined, Bison no longer defines YYLTYPE.
This can be used in programs with several parsers to factor their
definition of locations: let one of them generate them, and the others
just use them.
** Changes
*** Graphviz output
In conformance with the recommendations of the Graphviz team, if %require
"3.4" (or better) is specified, the option --graph generates a *.gv file
by default, instead of *.dot.
*** Diagnostics overhaul
Column numbers were wrong with multibyte characters, which would also
result in skewed diagnostics with carets. Beside, because we were
indenting the quoted source with a single space, lines with tab characters
were incorrectly underlined.
To address these issues, and to be clearer, Bison now issues diagnostics
as GCC9 does. For instance it used to display (there's a tab before the
opening brace):
foo.y:3.37-38: error: $2 of ‘expr’ has no declared type
expr: expr '+' "number" { $$ = $1 + $2; }
^~
It now reports
foo.y:3.37-38: error: $2 of ‘expr’ has no declared type
3 | expr: expr '+' "number" { $$ = $1 + $2; }
| ^~
Other constructs now also have better locations, resulting in more precise
diagnostics.
*** Fix-it hints for %empty
Running Bison with -Wempty-rules and --update will remove incorrect %empty
annotations, and add the missing ones.
*** Generated reports
The format of the reports (parse.output) was improved for readability.
*** Better support for --no-line.
When --no-line is used, the generated files are now cleaner: no lines are
generated instead of empty lines. Together with using api.header.include,
that should help people saving the generated files into version control
systems get smaller diffs.
** Documentation
A new example in C shows an simple infix calculator with a hand-written
scanner (examples/c/calc).
A new example in C shows a reentrant parser (capable of recursive calls)
built with Flex and Bison (examples/c/reccalc).
There is a new section about the history of Yaccs and Bison.
** Bug fixes
A few obscure bugs were fixed, including the second oldest (known) bug in
Bison: it was there when Bison was entered in the RCS version control
system, in December 1987. See the NEWS of Bison 3.3 for the previous
oldest bug.
* Noteworthy changes in release 3.3.2 (2019-02-03) [stable]
** Bug fixes
Bison 3.3 failed to generate parsers for grammars with unused nonterminal
symbols.
* Noteworthy changes in release 3.3.1 (2019-01-27) [stable]
** Changes
The option -y/--yacc used to imply -Werror=yacc, which turns uses of Bison
extensions into errors. It now makes them simple warnings (-Wyacc).
* Noteworthy changes in release 3.3 (2019-01-26) [stable]
A new mailing list was created, Bison Announce. It is low traffic, and is
only about announcing new releases and important messages (e.g., polls
about major decisions to make).
https://lists.gnu.org/mailman/listinfo/bison-announce
** Backward incompatible changes
Support for DJGPP, which has been unmaintained and untested for years, is
removed.
** Deprecated features
A new feature, --update (see below) helps adjusting existing grammars to
deprecations.
*** Deprecated directives
The %error-verbose directive is deprecated in favor of '%define
parse.error verbose' since Bison 3.0, but no warning was issued.
The '%name-prefix "xx"' directive is deprecated in favor of '%define
api.prefix {xx}' since Bison 3.0, but no warning was issued. These
directives are slightly different, you might need to adjust your code.
%name-prefix renames only symbols with external linkage, while api.prefix
also renames types and macros, including YYDEBUG, YYTOKENTYPE,
yytokentype, YYSTYPE, YYLTYPE, etc.
Users of Flex that move from '%name-prefix "xx"' to '%define api.prefix
{xx}' will typically have to update YY_DECL from
#define YY_DECL int xxlex (YYSTYPE *yylval, YYLTYPE *yylloc)
to
#define YY_DECL int xxlex (XXSTYPE *yylval, XXLTYPE *yylloc)
*** Deprecated %define variable names
The following variables, mostly related to parsers in Java, have been
renamed for consistency. Backward compatibility is ensured, but upgrading
is recommended.
abstract -> api.parser.abstract
annotations -> api.parser.annotations
extends -> api.parser.extends
final -> api.parser.final
implements -> api.parser.implements
parser_class_name -> api.parser.class
public -> api.parser.public
strictfp -> api.parser.strictfp
** New features
*** Generation of fix-its for IDEs/Editors
When given the new option -ffixit (aka -fdiagnostics-parseable-fixits),
bison now generates machine readable editing instructions to fix some
issues. Currently, this is mostly limited to updating deprecated
directives and removing duplicates. For instance:
$ cat foo.y
%error-verbose
%define parser_class_name "Parser"
%define api.parser.class "Parser"
%%
exp:;
See the "fix-it:" lines below:
$ bison -ffixit foo.y
foo.y:1.1-14: warning: deprecated directive, use '%define parse.error verbose' [-Wdeprecated]
%error-verbose
^~~~~~~~~~~~~~
fix-it:"foo.y":{1:1-1:15}:"%define parse.error verbose"
foo.y:2.1-34: warning: deprecated directive, use '%define api.parser.class {Parser}' [-Wdeprecated]
%define parser_class_name "Parser"
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fix-it:"foo.y":{2:1-2:35}:"%define api.parser.class {Parser}"
foo.y:3.1-33: error: %define variable 'api.parser.class' redefined
%define api.parser.class "Parser"
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
foo.y:2.1-34: previous definition
%define parser_class_name "Parser"
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
fix-it:"foo.y":{3:1-3:34}:""
foo.y: warning: fix-its can be applied. Rerun with option '--update'. [-Wother]
This uses the same output format as GCC and Clang.
*** Updating grammar files
Fixes can be applied on the fly. The previous example ends with the
suggestion to re-run bison with the option -u/--update, which results in a
cleaner grammar file.
$ bison --update foo.y
[...]
bison: file 'foo.y' was updated (backup: 'foo.y~')
$ cat foo.y
%define parse.error verbose
%define api.parser.class {Parser}
%%
exp:;
*** Bison is now relocatable
If you pass '--enable-relocatable' to 'configure', Bison is relocatable.
A relocatable program can be moved or copied to a different location on
the file system. It can also be used through mount points for network
sharing. It is possible to make symbolic links to the installed and moved
programs, and invoke them through the symbolic link.
*** %expect and %expect-rr modifiers on individual rules
One can now document (and check) which rules participate in shift/reduce
and reduce/reduce conflicts. This is particularly important GLR parsers,
where conflicts are a normal occurrence. For example,
%glr-parser
%expect 1
%%
...
argument_list:
arguments %expect 1
| arguments ','
| %empty
;
arguments:
expression
| argument_list ',' expression
;
...
Looking at the output from -v, one can see that the shift-reduce conflict
here is due to the fact that the parser does not know whether to reduce
arguments to argument_list until it sees the token _after_ the following
','. By marking the rule with %expect 1 (because there is a conflict in
one state), we document the source of the 1 overall shift-reduce conflict.
In GLR parsers, we can use %expect-rr in a rule for reduce/reduce
conflicts. In this case, we mark each of the conflicting rules. For
example,
%glr-parser
%expect-rr 1
%%
stmt:
target_list '=' expr ';'
| expr_list ';'
;
target_list:
target
| target ',' target_list
;
target:
ID %expect-rr 1
;
expr_list:
expr
| expr ',' expr_list
;
expr:
ID %expect-rr 1
| ...
;
In a statement such as
x, y = 3, 4;
the parser must reduce x to a target or an expr, but does not know which
until it sees the '='. So we notate the two possible reductions to
indicate that each conflicts in one rule.
This feature needs user feedback, and might evolve in the future.
*** C++: Actual token constructors
When variants and token constructors are enabled, in addition to the
type-safe named token constructors (make_ID, make_INT, etc.), we now
generate genuine constructors for symbol_type.
For instance with these declarations
%token ':'
<std::string> ID
<int> INT;
you may use these constructors:
symbol_type (int token, const std::string&);
symbol_type (int token, const int&);
symbol_type (int token);
Correct matching between token types and value types is checked via
'assert'; for instance, 'symbol_type (ID, 42)' would abort. Named
constructors are preferable, as they offer better type safety (for
instance 'make_ID (42)' would not even compile), but symbol_type
constructors may help when token types are discovered at run-time, e.g.,
[a-z]+ {
if (auto i = lookup_keyword (yytext))
return yy::parser::symbol_type (i);
else
return yy::parser::make_ID (yytext);
}
*** C++: Variadic emplace
If your application requires C++11 and you don't use symbol constructors,
you may now use a variadic emplace for semantic values:
%define api.value.type variant
%token <std::pair<int, int>> PAIR
in your scanner:
int yylex (parser::semantic_type *lvalp)
{
lvalp->emplace <std::pair<int, int>> (1, 2);
return parser::token::PAIR;
}
*** C++: Syntax error exceptions in GLR
The glr.cc skeleton now supports syntax_error exceptions thrown from user
actions, or from the scanner.
*** More POSIX Yacc compatibility warnings
More Bison specific directives are now reported with -y or -Wyacc. This
change was ready since the release of Bison 3.0 in September 2015. It was
delayed because Autoconf used to define YACC as `bison -y`, which resulted
in numerous warnings for Bison users that use the GNU Build System.
If you still experience that problem, either redefine YACC as `bison -o
y.tab.c`, or pass -Wno-yacc to Bison.
*** The tables yyrhs and yyphrs are back
Because no Bison skeleton uses them, these tables were removed (no longer
passed to the skeletons, not even computed) in 2008. However, some users
have expressed interest in being able to use them in their own skeletons.
** Bug fixes
*** Incorrect number of reduce-reduce conflicts
On a grammar such as
exp: "num" | "num" | "num"
bison used to report a single RR conflict, instead of two. This is now
fixed. This was the oldest (known) bug in Bison: it was there when Bison
was entered in the RCS version control system, in December 1987.
Some grammar files might have to adjust their %expect-rr.
*** Parser directives that were not careful enough
Passing invalid arguments to %nterm, for instance character literals, used
to result in unclear error messages.
** Documentation
The examples/ directory (installed in .../share/doc/bison/examples) has
been restructured per language for clarity. The examples come with a
README and a Makefile. Not only can they be used to toy with Bison, they
can also be starting points for your own grammars.
There is now a Java example, and a simple example in C based on Flex and
Bison (examples/c/lexcalc/).
** Changes
*** Parsers in C++
They now use noexcept and constexpr. Please, report missing annotations.
*** Symbol Declarations
The syntax of the variation directives to declare symbols was overhauled
for more consistency, and also better POSIX Yacc compliance (which, for
instance, allows "%type" without actually providing a type). The %nterm
directive, supported by Bison since its inception, is now documented and
officially supported.
The syntax is now as follows:
%token TAG? ( ID NUMBER? STRING? )+ ( TAG ( ID NUMBER? STRING? )+ )*
%left TAG? ( ID NUMBER? )+ ( TAG ( ID NUMBER? )+ )*
%type TAG? ( ID | CHAR | STRING )+ ( TAG ( ID | CHAR | STRING )+ )*
%nterm TAG? ID+ ( TAG ID+ )*
where TAG denotes a type tag such as ‘<ival>’, ID denotes an identifier
such as ‘NUM’, NUMBER a decimal or hexadecimal integer such as ‘300’ or
‘0x12d’, CHAR a character literal such as ‘'+'’, and STRING a string
literal such as ‘"number"’. The post-fix quantifiers are ‘?’ (zero or
one), ‘*’ (zero or more) and ‘+’ (one or more).
Patches:
8.1.1779 not showing the popup window right border is confusing
8.1.1780 warning for file no longer available is repeated
8.1.1781 Amiga: no builtin OS readable version info
8.1.1782 MS-Windows: system() has temp file error with 'noshelltemp'
8.1.1783 MS-Windows: compiler test may fail when using %:S
8.1.1784 MS-Windows: resolve() does not work if serial nr duplicated
8.1.1785 map functionality mixed with character input
8.1.1786 double click in popup scrollbar starts selection
8.1.1787 cannot resize a popup window
8.1.1788 missing changes in proto file
8.1.1789 cannot see file name of preview popup window
8.1.1790 :mkvimrc is not tested
8.1.1791 'completeslash' also applies to globpath()
8.1.1792 the vgetorpeek() function is too long
8.1.1793 mixed comment style in globals
8.1.1794 tests are flaky
8.1.1795 no syntax HL after splitting windows with :bufdo
8.1.1796 :argdo is not tested
8.1.1797 the vgetorpeek() function is too long
8.1.1798 warning for unused variable in tiny version
8.1.1799 cannot avoid mapping for a popup window
8.1.1800 function call functions have too many arguments
8.1.1801 cannot build without the +eval feature
8.1.1802 missing change to call_callback()
8.1.1803 all builtin functions are global
8.1.1804 no test for display updating without a scroll region
8.1.1805 au_did_filetype is declared twice
8.1.1806 test for display updating doesn't check without statusline
8.1.1807 more functions can be used as a method
8.1.1808 build failure for tiny version
8.1.1809 more functions can be used as a method
8.1.1810 popup_getoptions() is missing an entry for "mapping"
8.1.1811 popup window color cannot be set to "Normal"
8.1.1812 reading a truncted undo file hangs Vim
8.1.1813 ATTENTION prompt for a preview popup window
8.1.1814 a long title in a popup window overflows
8.1.1815 duplicating info for internal functions
8.1.1816 cannot use a user defined function as a method
8.1.1817 github contribution text is incomplete
8.1.1818 unused variable
8.1.1819 :pedit does not work with a popup preview window
8.1.1820 using expr->FuncRef() does not work
8.1.1821 no test for wrong number of method arguments
8.1.1822 confusing error message when range is not allowed
8.1.1823 command line history code is spread out
8.1.1824 crash when correctly spelled word is very long
8.1.1825 allocating more memory than needed for extended structs
8.1.1826 tests use hand coded feature and option checks
8.1.1827 allocating more memory than needed for extended structs
8.1.1828 not strict enough checking syntax of method invocation
8.1.1829 difference in screenshots
8.1.1830 Travis does not report error when tests fail
8.1.1831 confusing skipped message
8.1.1832 win_execute() does not work in other tab
8.1.1833 allocating a bit too much when there is no bad word.
8.1.1834 cannot use a lambda as a method
8.1.1835 cannot use printf() as a method
8.1.1836 inaccurate memory estimate for Amiga-like OS
8.1.1837 popup test fails if clipboard is supported but not working
8.1.1838 there is :spellwrong and :spellgood but not :spellrare
8.1.1839 insufficient info when test fails because of screen size
8.1.1840 Testing: WorkingClipboard() is not accurate
8.1.1841 no test for Ex shift commands
8.1.1842 test listed as flaky should no longer be flaky
8.1.1843 might be freeing memory that was not allocated
8.1.1844 buffer no longer unloaded when adding text properties
8.1.1845 may use NULL pointer when running out of memory
8.1.1846 inconsistently using GetVimCommand() and v:progpath
8.1.1847 suspend test is failing
8.1.1848 'langmap' is not used for CTRL-W command in terminal
8.1.1849 some insert complete functions in the wrong file
8.1.1850 focus may remain in popup window
8.1.1851 crash when sound_playfile() callback plays sound
8.1.1852 timers test is flaky
8.1.1853 timers test is still flaky
8.1.1854 now another timer test is flaky
8.1.1855 another failing timer test
8.1.1856 popup preview test fails sometimes
8.1.1857 cannot use modifier with multi-byte character
8.1.1858 test for multi-byte mapping fails on some systems
8.1.1859 timer test sometimes fails on Mac
8.1.1860 map timeout test is flaky
8.1.1861 only some assert functions can be used as a method
8.1.1862 Coverity warns for not using return value
8.1.1863 confusing error when using a builtin function as method
8.1.1864 still a timer test that is flaky on Mac
8.1.1865 spellrare and spellrepall in the wrong order
8.1.1866 modeless selection in GUI does not work properly
8.1.1867 still a timer test that is flaky on Mac
8.1.1868 multi-byte chars in 'listchars' fail with 'linebreak' set
8.1.1869 code for the argument list is spread out
8.1.1870 using :pedit from a help file sets help filetype
8.1.1871 modeless selection in GUI still not correct
8.1.1872 when Vim exits because of a signal, VimLeave is not triggered
8.1.1873 cannot build tiny version
8.1.1874 modeless selection in popup window overlaps scrollbar
8.1.1875 cannot get size and position of the popup menu
8.1.1876 proto file missing from distribution
8.1.1877 graduated features scattered
8.1.1878 negative float before method not parsed correctly
8.1.1879 more functions can be used as methods
8.1.1880 cannot show extra info for completion in a popup window
8.1.1881 popup window test fails in some configurations
8.1.1882 cannot specify properties of the info popup window
8.1.1883 options test fails
8.1.1884 cannot use mouse scroll wheel in popup in Insert mode
8.1.1885 comments in libvterm are inconsistent
8.1.1886 command line expansion code is spread out
8.1.1887 the +cmdline_compl feature is not in the tiny version
8.1.1888 more functions can be used as methods
8.1.1889 Coverity warns for using a NULL pointer
8.1.1890 ml_get error when deleting fold marker
8.1.1891 functions used in one file are global
8.1.1892 missing index entry and option menu for 'completepopup'
8.1.1893 script to summarize test results can be improved
8.1.1894 not checking for out-of-memory of autoload_name()
8.1.1895 using NULL pointer when out of memory
8.1.1896 compiler warning for unused variable
8.1.1897 may free memory twice when out of memory
8.1.1898 crash when out of memory during startup
8.1.1899 sign_place() does not work as documented
8.1.1900 sign test fails in the GUI
8.1.1901 the +insert_expand feature is not always available
8.1.1902 cannot have an info popup without a border
8.1.1903 cannot build without the +eval feature
8.1.1904 cannot have an info popup align with the popup menu
8.1.1905 cannot set all properties of the info popup
8.1.1906 info popup size is sometimes incorrect
8.1.1907 wrong position for info popup with scrollbar on the left
8.1.1908 every popup window consumes a buffer number
8.1.1909 more functions can be used as methods
8.1.1910 redrawing too much when toggling 'relativenumber'
8.1.1911 more functions can be used as methods
8.1.1912 more functions can be used as methods
8.1.1913 not easy to compute the space on the command line
8.1.1914 command line expansion code is spread out
8.1.1915 more functions can be used as methods
8.1.1916 trying to allocate negative amount of memory closing popup
8.1.1917 non-current window is not redrawn when moving popup
8.1.1918 redrawing popups is inefficient
8.1.1919 using window options when passing a buffer to popup_create()
8.1.1920 cannot always close a popup when filter consumes all events
8.1.1921 more functions can be used as methods
8.1.1922 in diff mode global operations can be very slow
8.1.1923 some source files are not in a normal encoding
8.1.1924 using empty string for current buffer is unexpected
8.1.1925 more functions can be used as methods
8.1.1926 cursorline not redrawn when putting a line above the cursor
8.1.1927 code for dealing with script files is spread out
8.1.1928 popup windows don't move with the text when making changes
8.1.1929 no tests for text property popup window
8.1.1930 cannot recognize .jsx and .tsx files
8.1.1931 syntax test fails
8.1.1932 ml_get errors after using append()
8.1.1933 the eval.c file is too big
8.1.1934 not enough tests for text property popup window
8.1.1935 test for text property popup window is flaky
8.1.1936 not enough tests for text property popup window
8.1.1937 errors when using javascriptreact
8.1.1938 may crash when out of memory
8.1.1939 code for handling v: variables in generic eval file
8.1.1940 script tests fail
8.1.1941 getftype() test fails on Mac
8.1.1942 shadow directory gets outdated when files are added
8.1.1943 more code can be moved to evalvars.c
8.1.1944 leaking memory when using sound callback
8.1.1945 popup window "firstline" cannot be reset
8.1.1946 memory error when profiling a function without a script ID
8.1.1947 when executing one test the report doesn't show it
8.1.1948 mouse doesn't work in Linux console
8.1.1949 cannot scroll a popup window to the very bottom
8.1.1950 using NULL pointer after an out-of-memory
8.1.1951 mouse double click test is a bit flaky
8.1.1952 more functions can be used as a method
8.1.1953 more functions can be used as a method
8.1.1954 more functions can be used as a method
8.1.1955 tests contain typos
8.1.1956 screenshot tests may use a different encoding
8.1.1957 more code can be moved to evalvars.c
8.1.1958 old style comments taking up space
8.1.1959 when using "firstline" in popup window text may jump
8.1.1960 fold code is spread out
8.1.1961 more functions can be used as a method
8.1.1962 leaking memory when using tagfunc()
8.1.1963 popup window filter may be called recursively
8.1.1964 crash when using nested map() and filter()
8.1.1965 search count message is not displayed when using a mapping
8.1.1966 some code in options.c fits better elsewhere
8.1.1967 line() only works for the current window
8.1.1968 crash when using nested map()
8.1.1969 popup window filter is used in all modes
8.1.1970 search stat space wrong, no test for 8.1.1965
8.1.1971 manually enabling features causes build errors
8.1.1972 no proper test for getchar()
8.1.1973 cannot build without the quickfix feature
8.1.1974 Coverity warns for using pointer as array
8.1.1975 MS-Windows GUI responds slowly to timer
8.1.1976 Travis log always shows test output
8.1.1977 terminal debugger plugin may hang
8.1.1978 the eval.c file is too big
8.1.1979 code for handling file names is spread out
8.1.1980 fix for search stat not tested
8.1.1981 the evalfunc.c file is too big
8.1.1982 more functions can be used as methods
8.1.1983 compiler nags for uninitialized variable and unused function
8.1.1984 more functions can be used as methods
8.1.1985 code for dealing with paths is spread out
8.1.1986 more functions can be used as methods
8.1.1987 more functions can be used as methods
8.1.1988 :startinsert! does not work the same way as "A"
8.1.1989 the evalfunc.c file is still too big
8.1.1990 cannot build with eval but without cscope
8.1.1991 still cannot build with eval but without cscope
8.1.1992 the search stat moves when wrapping at the end of the buffer
8.1.1993 more functions can be used as methods
8.1.1994 MS-Windows: cannot build with eval but without cscope
8.1.1995 more functions can be used as methods
8.1.1996 more functions can be used as methods
8.1.1997 no redraw after a popup window filter is invoked
8.1.1998 redraw even when no popup window filter was invoked
8.1.1999 calling both PlaySoundW() and PlaySoundA()
8.1.2000 plugin cannot get the current IME status
8.1.2001 some source files are too big
8.1.2002 version number 2000 missing
8.1.2003 MS-Windows: code page 65001 is not recognized
8.1.2004 more functions can be used as methods
8.1.2005 the regexp.c file is too big
8.1.2006 build failure with huge features but without channel feature
8.1.2007 no test for what 8.1.1926 fixes
8.1.2008 error for invalid range when using listener and undo
8.1.2009 cursorline highlighting not updated in popup window
8.1.2010 new file uses old style comments
8.1.2011 more functions can be used as methods
8.1.2012 more functions can be used as methods
8.1.2013 more functions can be used as methods
8.1.2014 terminal altscreen test fails sometimes
8.1.2015 terminal altscreen test still fails sometimes
8.1.2016 terminal altscreen test now fails on MS-Windows
8.1.2017 cannot execute commands after closing the cmdline window
8.1.2018 using freed memory when out of memory and displaying message
8.1.2019 'cursorline' always highlights the whole line
8.1.2020 it is not easy to change the window layout
8.1.2021 some global functions can be local to the file
8.1.2022 the option.c file is too big
8.1.2023 no test for synIDattr() returning "strikethrough"
8.1.2024 delete call commented out for debugging
8.1.2025 MS-Windows: Including shlguid.h causes problems for msys2
8.1.2026 possibly using uninitialized memory
8.1.2027 MS-Windows: problem with ambiwidth characters
8.1.2028 options test script does not work
8.1.2029 cannot control 'cursorline' highlighting well
8.1.2030 tests fail when build with normal features and terminal
8.1.2031 cursor position wrong when resizing and using conceal
8.1.2032 scrollbar thumb wrong in popup window
8.1.2033 cannot build with tiny features
8.1.2034 dark theme of GTK 3 not supported
8.1.2035 recognizing octal numbers is confusing
8.1.2036 the str2nr() tests fail
8.1.2037 can call win_gotoid() in cmdline window
8.1.2038 has('vimscript-4') is always 0
8.1.2039 character from 'showbreak' does not use 'wincolor'
8.1.2040 no highlighting of current line in quickfix window
8.1.2041 no test for diff mode with syntax highlighting
8.1.2042 the evalfunc.c file is too big
8.1.2043 not sufficient testing for quoted numbers
8.1.2044 no easy way to process postponed work
8.1.2045 the option.c file is too big
8.1.2046 SafeState may be triggered at the wrong moment
8.1.2047 cannot check the current state
8.1.2048 not clear why SafeState and SafeStateAgain are not triggered
8.1.2049 cannot build tiny version
8.1.2050 popup window test fails in some configurations
8.1.2051 double-click test is a bit flaky
8.1.2052 using "x" before a closed fold may delete that fold
8.1.2053 SafeStateAgain not triggered if callback uses feedkeys()
8.1.2054 compiler test for Perl may fail
8.1.2055 not easy to jump to function line from profile
8.1.2056 "make test" for indent files doesn't cause make to fail
8.1.2057 the screen.c file is much too big
8.1.2058 function for ex command is named inconsistently
8.1.2059 fix for "x" deleting a fold has side effects
8.1.2060 "precedes" in 'listchars' not used properly
8.1.2061 MS-Windows GUI: ":sh" crashes when trying to use a terminal
8.1.2062 the mouse code is spread out
8.1.2063 some tests fail when +balloon_eval_term is missing
8.1.2064 MS-Windows: compiler warnings for unused arguments
8.1.2065 compiler warning building non-GUI with MinGW.
8.1.2066 no tests for state()
8.1.2067 no tests for SafeState and SafeStateAgain
8.1.2068 test for SafeState and SafeStateAgain may fail
8.1.2069 test for SafeStateAgain may still fail
8.1.2070 mouse code is spread out
8.1.2071 when 'wincolor' is set text property changes highlighting
8.1.2072 "gk" moves to start of line instead of upwards
8.1.2073 when editing a buffer 'colorcolumn' may not work
8.1.2074 test for SafeState autocommand is a bit flaky
8.1.2075 get many log messages when waiting for a typed character
8.1.2076 crash when trying to put a terminal in a popup window
8.1.2077 the ops.c file is too big
8.1.2078 build error with +textprop but without +terminal
8.1.2079 popup window test fails without +terminal
8.1.2080 the terminal API is limited and can't be disabled
8.1.2081 the spell.c file is too big
8.1.2082 some files have a weird name to fit in 8.3 characters
8.1.2083 multi-byte chars do not work properly with "%.*S" in printf()
8.1.2084 Amiga: cannot get the user name
8.1.2085 MS-Windows: draw error moving cursor over double-cell char
8.1.2086 missing a few changes for the renamed files
8.1.2087 cannot easily select one test function to execute
8.1.2088 renamed libvterm mouse.c file not in distributed file list
8.1.2089 do not get a hint that $TEST_FILTER was active
8.1.2090 not clear why channel log file ends
8.1.2091 double free when memory allocation fails
8.1.2092 MS-Windows: redirect in system() does not work
8.1.2093 MS-Windows: system() test fails
8.1.2094 the fileio.c file is too big
8.1.2095 leaking memory when getting item from dict
8.1.2096 too many #ifdefs
8.1.2097 :mksession is not sufficiently tested
8.1.2098 mksession test fails on MS-Windows
8.1.2099 state() test fails on some Mac systems
8.1.2100 :mksession is not sufficiently tested
8.1.2101 write_session_file() often defined but not used
8.1.2102 can't build with GTK and FEAT_GUI_GNOME
8.1.2103 wrong error message if "termdebugger" is not executable
8.1.2104 the normal.c file is too big
8.1.2105 MS-Windows: system() may crash
8.1.2106 no tests for dragging the mouse beyond the window
8.1.2107 various memory leaks reported by asan
8.1.2108 cannot close the cmdline window from CmdWinEnter
8.1.2109 popup_getoptions() hangs with tab-local popup
8.1.2110 CTRL-C closes two popups instead of one
8.1.2111 viminfo file not sufficiently tested
8.1.2112 build number for ConPTY is outdated
8.1.2113 ":help expr-!~?" only works after searching
8.1.2114 when a popup is closed with CTRL-C the callback aborts
8.1.2115 MS-Windows: shell commands fail if &shell contains a space
8.1.2116 no check for out of memory
8.1.2117 CursorLine highlight used while 'cursorline' is off
8.1.2118 termcodes test fails when $TERM is "dumb"
8.1.2119 memory access error for empty string
8.1.2120 some MB_ macros are more complicated than necessary
8.1.2121 mode is not updated when switching to terminal
8.1.2122 cannot build without terminal feature
8.1.2123 parsing CSI sequence is messy
8.1.2124 ruler is not updated if win_execute() moves cursor
8.1.2125 fnamemodify() fails when repeating :e
8.1.2126 viminfo not sufficiently tested
8.1.2127 the indent.c file is a bit big
8.1.2128 renamed libvterm sources makes merging difficult
8.1.2129 using hard coded executable path in test
8.1.2130 MSVC build fails
8.1.2131 MSVC tests fail
8.1.2132 MS-Windows: screen mess when not recognizing insider build
8.1.2133 some tests fail when run as root
8.1.2134 modifier keys are not always recognized
8.1.2135 with modifyOtherKeys Alt-a does not work properly
8.1.2136 using freed memory with autocmd from fuzzer
8.1.2137 parsing the termresponse is not tested
8.1.2138 including the build number in the Win32 binary is confusing
8.1.2139 the modifyOtherKeys codes are not tested
8.1.2140 "gk" and "gj" do not work correctly in number column
8.1.2141 :tselect has an extra hit-enter prompt
8.1.2142 some key mappings do not work with modifyOtherKeys
8.1.2143 cannot see each command even when 'verbose' is set
8.1.2144 side effects when using t_ti to enable modifyOtherKeys
8.1.2145 cannot map <C-H> when modifyOtherKeys is enabled
8.1.2146 build failure
8.1.2147 crash when allocating memory fails
8.1.2148 no test for right click extending Visual area
8.1.2149 crash when running out of memory very early
8.1.2150 no test for 'ttymouse' set from xterm version response
8.1.2151 state test is a bit flaky
8.1.2152 problems navigating tags file on MacOS Catalina
8.1.2153 combining text property and syntax highlight is wrong
8.1.2154 quickfix window height wrong when there is a tabline
8.1.2155 in a terminal window 'cursorlineopt' does not work properly
8.1.2156 first character after Tab is not highlighted
8.1.2157 libvterm source files missing from distribution
8.1.2158 terminal attributes missing in Terminal-normal mode
8.1.2159 some mappings are listed twice
8.1.2160 cannot build with +syntax but without +terminal
8.1.2161 mapping test fails
8.1.2162 popup resize test is flaky
8.1.2163 cannot build with +spell but without +syntax
8.1.2164 stuck when using "j" in a popupwin with popup_filter_menu
8.1.2165 mapping test fails on Mac
8.1.2166 rubyeval() not tested as a method
8.1.2167 mapping test fails on MS-Windows
8.1.2168 heredoc assignment not skipped in if block
8.1.2169 terminal flags are never reset
8.1.2170 cannot build without the +termresponse feature
8.1.2171 mouse support not always available
8.1.2172 spell highlight is wrong at start of the line
8.1.2173 searchit() has too many arguments
8.1.2174 screen not recognized as supporting "sgr" mouse codes
8.1.2175 meson files are not recognized
8.1.2176 syntax attributes not combined with Visual highlighting
8.1.2177 Dart files are not recognized
8.1.2178 accessing uninitialized memory in test
8.1.2179 pressing "q" at the more prompt doesn't stop Python output
8.1.2180 Error E303 is not useful when 'directory' is empty
8.1.2181 highlighting wrong when item follows tab
8.1.2182 test42 seen as binary by git diff
8.1.2183 running a test is a bit verbose
8.1.2184 option context is not copied when splitting a window
8.1.2185 syntax test fails
8.1.2186 cannot build without the +eval feature
8.1.2187 error for bad regexp even though regexp is not used
8.1.2188 build error for missing define
8.1.2189 syntax highlighting wrong for tab
8.1.2190 syntax test fails on Mac
8.1.2191 when using modifyOtherKeys CTRL-X mode may not work
8.1.2192 cannot easily fill the info popup asynchronously
8.1.2193 popup_setoptions(popup_getoptions()) does not work
8.1.2194 modifyOtherKeys is not enabled by default
8.1.2195 Vim does not exit when the terminal window is last window
8.1.2196 MS-Windows: running tests with MSVC lacks updates
8.1.2197 ExitPre autocommand may cause accessing freed memory
8.1.2198 crash when using :center in autocommand
8.1.2199 build failure when using normal features without GUI
8.1.2200 crash when memory allocation fails
Changes:
5.2.4:
Props to Evan Ricafort for finding an issue where stored XSS (cross-site scripting) could be added via the Customizer.
Props to J.D. Grimes who found and disclosed a method of viewing unauthenticated posts.
Props to Weston Ruter for finding a way to create a stored XSS to inject Javascript into style tags.
Props to David Newman for highlighting a method to poison the cache of JSON GET requests via the Vary: Origin header.
Props to Eugene Kolodenker who found a server-side request forgery in the way that URLs are validated.
Props to Ben Bidner of the WordPress Security Team who discovered issues related to referrer validation in the admin.
5.2.3:
#38415: New Custom Link menu item has a wrong fallback label
#45739: Block Editor: $editor_styles bug.
#45935: A URL in do_block_editor_incompatible_meta_box function does not have classic-editor__forget parameter
#46757: Media Trash: The Bulk Media options when in the Trash shouldn’t provide two primary buttons
#46758: Media Trash: Primary button(s) should be on the left
#46899: Ensure that tables generated by the Settings API have no semantics
#47079: Incorrect version for excerpt_allowed_blocks filter
#47113: Media views: dismiss notice button is invisible
#47145: Feature Image dialog does not follow the dialog pattern
#47190: Twenty Seventeen: Native audio and video embeds have no focus state.
#47340: Twenty Nineteen: Revise Latest Posts block styles to support post content options.
#47386: Fix headings hierarchy in the legacy Custom Background and Custom Header pages
#47390: Improve accessibility of forms elements within some “form-table” forms
#47414: Twenty Seventeen: Button block preview has extra spacing within button
#47458: Fix tab sequence order in the Media attachment browser
#47489: Emoji are substituted in preformatted blocks
#47502: Media modal bottom toolbar cuts-off content in Internet Explorer 11
#47538: Minor Verbiage Update – Switch ‘developer time’ for ‘a developer’
#47543: Twenty Seventeen: buttons don’t change color on hover and focus
#47561: Plugin: View details popup layout issue
#47603: My account toggle on admin bar not visible at high zoom levels
#47604: Undefined variable: locked in wp-admin/edit-form-blocks.php
#47687: Use alt tags for gallery images in editor
#47688: Color hex code in color picker displayed in RTL instead of LTR on RTL install (take 2)
#47693: customizer Color picker should get closed when click on color picker area.
#47723: Adding a custom link in nav-menus.php doesn’t trim whitespace
#47758: Font sizes on installation screen are too small
#47835: PHP requirement always set to null for plugins
#47888: Adding a custom link in menu via Customize doesn’t trim whitespace.
Security Fixes
Props to Simon Scannell of RIPS Technologies for finding and disclosing two issues. The first, a cross-site scripting (XSS) vulnerability found in post previews by contributors. The second was a cross-site scripting vulnerability in stored comments.
Props to Tim Coen for disclosing an issue where validation and sanitization of a URL could lead to an open redirect.
Props to Anshul Jain for disclosing reflected cross-site scripting during media uploads.
Props to Zhouyuan Yang of Fortinet’s FortiGuard Labs who disclosed a vulnerability that for cross-site scripting (XSS) in shortcode previews.
Props to Ian Dunn of the Core Security Team for finding and disclosing a case where reflected cross-site scripting could be found in the dashboard.
Props to Soroush Dalili (@irsdl) from NCC Group for disclosing an issue with URL sanitization that can lead to cross-site scripting (XSS) attacks.
In addition to the above changes, we are also updating jQuery on older versions of WordPress. This change was added in 5.2.1 and is now being brought to older versions.
From Clement Bouvier in PR pkg/54418, modified to be in the existing
PLIST file, to make it obvious for non-macos updates that if a new
file gets added, it shoudl be added for the mac variant naming as well.
sched_setscheduler needed by this package.
XXX would be nicer to have done this via an upstream-friendly
config test.
Omitting PKGREVISION bump since it's a compile fix.
From Clement Bouvier in PR pkg/54416.
Xpdf is a viewer for Portable Document Format (PDF) files using the Qt toolkit.
Note: this version does not include the command line tools because they
conflict with poppler-utils.
pytest 5.2.1:
Bug Fixes
* Fix warnings about deprecated cmp attribute in attrs>=19.2.
pytest 5.2.0:
Deprecations
* Passing arguments to pytest.fixture() as positional arguments is deprecated - pass them as a keyword argument instead.
Features
* The scope parameter of @pytest.fixture can now be a callable that receives the fixture name and the config object as keyword-only parameters. See the docs for more information.
* New behavior of the --pastebin option: failures to connect to the pastebin server are reported, without failing the pytest run
Bug Fixes
* Fix “lexer” being used when uploading to bpaste.net from --pastebin to “text”.
* Fix --setup-only and --setup-show for custom pytest items.
Trivial/Internal Changes
* The HelpFormatter uses py.io.get_terminal_width for better width detection.
pytest 5.1.3:
Bug Fixes
* Fix pypy3.6 (nightly) on windows.
* Handle --fulltrace correctly with pytest.raises.
* Windows: Fix regression with conftest whose qualified name contains uppercase characters.
pytest 5.1.2:
Bug Fixes
* Fixed self reference in function-scoped fixtures defined plugin classes: previously self would be a reference to a test class, not the plugin class.
* Fixed long standing issue where fixture scope was not respected when indirect fixtures were used during parametrization.
* Fix decoding error when printing an error response from --pastebin.
* Chained exceptions in test and collection reports are now correctly serialized, allowing plugins like pytest-xdist to display them properly.
* Windows: Fix error that occurs in certain circumstances when loading conftest.py from a working directory that has casing other than the one stored in the filesystem (e.g., c:\test instead of C:\test).
pytest 5.1.1:
Bug Fixes
* Fixed TypeError when importing pytest on Python 3.5.0 and 3.5.1.
pytest 5.1.0:
Removals
* As per our policy, the following features have been deprecated in the 4.X series and are now removed:
Request.getfuncargvalue: use Request.getfixturevalue instead.
pytest.raises and pytest.warns no longer support strings as the second argument.
message parameter of pytest.raises.
pytest.raises, pytest.warns and ParameterSet.param now use native keyword-only syntax. This might change the exception message from previous versions, but they still raise TypeError on unknown keyword arguments as before.
pytest.config global variable.
tmpdir_factory.ensuretemp method.
pytest_logwarning hook.
RemovedInPytest4Warning warning type.
request is now a reserved name for fixtures.
For more information consult Deprecations and Removals in the docs.
* Removed unused support code for unittest2.
* pytest.fail, pytest.xfail and pytest.skip no longer support bytes for the message argument.
Features
* New Config.invocation_args attribute containing the unchanged arguments passed to pytest.main().
* New NUMBER option for doctests to ignore irrelevant differences in floating-point numbers. Inspired by Sébastien Boisgérault’s numtest extension for doctest.
Improvements
* JUnit XML now includes a timestamp and hostname in the testsuite tag.
* Time taken to run the test suite now includes a human-readable representation when it takes over 60 seconds, for example:
Bug Fixes
* Fix RuntimeError/StopIteration when trying to collect package with “__init__.py” only.
* Warnings issued during pytest_configure are explicitly not treated as errors, even if configured as such, because it otherwise completely breaks pytest.
* The XML file produced by --junitxml now correctly contain a <testsuites> root element.
* Fix issue where tmp_path and tmpdir would not remove directories containing files marked as read-only, which could lead to pytest crashing when executed a second time with the --basetemp option.
* Replace importlib_metadata backport with importlib.metadata from the standard library on Python 3.8+.
* Improve type checking for some exception-raising functions (pytest.xfail, pytest.skip, etc) so they provide better error messages when users meant to use marks (for example @pytest.xfail instead of @pytest.mark.xfail).
* Fixed internal error when test functions were patched with objects that cannot be compared for truth values against others, like numpy arrays.
* pytest.exit is now correctly handled in unittest cases. This makes unittest cases handle quit from pytest’s pdb correctly.
* Improved output when parsing an ini configuration file fails.
* Fix collection of staticmethod objects defined with functools.partial.
* Skip async generator test functions, and update the warning message to refer to async def functions.
Improved Documentation
* Add docstring for Testdir.copy_example.
Trivial/Internal Changes
* XML files of the xunit2 family are now validated against the schema by pytest’s own test suite to avoid future regressions.
* Cache node splitting function which can improve collection performance in very large test suites.
* Simplified internal SafeRepr class and removed some dead code.
* When invoking pytest’s own testsuite with PYTHONDONTWRITEBYTECODE=1, the test_xfail_handling test no longer fails.
* Replace manual handling of OSError.errno in the codebase by new OSError subclasses (PermissionError, FileNotFoundError, etc.).
pytest 5.0.1:
Bug Fixes
* Improve quoting in raises match failure message.
* Fixed using multiple short options together in the command-line (for example -vs) in Python 3.8+.
* --step-wise now handles xfail(strict=True) markers properly.
Improved Documentation
* Improve “Declaring new hooks” section in chapter “Writing Plugins”
pytest 5.0.0:
Important
This release is a Python3.5+ only release.
For more details, see our Python 2.7 and 3.4 support plan.
Removals
* Pytest no longer accepts prefixes of command-line arguments, for example typing pytest --doctest-mod inplace of --doctest-modules. This was previously allowed where the ArgumentParser thought it was unambiguous, but this could be incorrect due to delayed parsing of options for plugins.
* PytestDeprecationWarning are now errors by default.
* ExceptionInfo objects (returned by pytest.raises) now have the same str representation as repr, which avoids some confusion when users use print(e) to inspect the object.
The xmlschema library is an implementation of XML Schema for Python (supports
Python 2.7 and Python 3.5+).
This library arises from the needs of a solid Python layer for processing XML
Schema based files for MaX (Materials design at the Exascale) European project.
A significant problem is the encoding and the decoding of the XML data files
produced by different simulation software. Another important requirement is the
XML data validation, in order to put the produced data under control. The lack
of a suitable alternative for Python in the schema-based decoding of XML data
has led to build this library. Obviously this library can be useful for other
cases related to XML Schema based processing, not only for the original scope.
The proposal of this package is to provide XPath 1.0 and 2.0 selectors for
Python's ElementTree XML data structures, both for the standard ElementTree
library and for the lxml.etree library.
For lxml.etree this package can be useful for providing XPath 2.0 selectors,
because lxml.etree already has it's own implementation of XPath 1.0.
The new patches fix compatibility with OpenSSL 1.1.0, and attempt to fix
the build on FreeBSD, NetBSD, and OpenBSD. It does not link on NetBSD
(like the previous version, 0.70) but it does on macOS.
There was no changelog upstream.
## 2.3.1 / 2019-10-22
### Security
Address CVE-2019-15587: Unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished.
This CVE's public notice is at https://github.com/flavorjones/loofah/issues/171
## 2.3.0 / unreleased
### Features
* Expand set of allowed protocols to include `tel:` and `line:`. [#104, #147]
* Expand set of allowed CSS functions. [related to #122]
* Allow greater precision in shorthand CSS values. [#149] (Thanks, @danfstucky!)
* Allow CSS property `list-style` [#162] (Thanks, @jaredbeck!)
* Allow CSS keywords `thick` and `thin` [#168] (Thanks, @georgeclaghorn!)
* Allow HTML property `contenteditable` [#167] (Thanks, @andreynering!)
### Bug fixes
* CSS hex values are no longer limited to lowercase hex. Previously uppercase hex were scrubbed. [#165] (Thanks, @asok!)
### Deprecations / Name Changes
The following method and constants are hereby deprecated, and will be completely removed in a future release:
* Deprecate `Loofah::Helpers::ActionView.white_list_sanitizer`, please use `Loofah::Helpers::ActionView.safe_list_sanitizer` instead.
* Deprecate `Loofah::Helpers::ActionView::WhiteListSanitizer`, please use `Loofah::Helpers::ActionView::SafeListSanitizer` instead.
* Deprecate `Loofah::HTML5::WhiteList`, please use `Loofah::HTML5::SafeList` instead.
Thanks to @JuanitoFatas for submitting these changes in #164 and for making the language used in Loofah more inclusive.
Update dovecot2-pigeonhole to 0.5.8.
0.5.8 2019-10-08
Changes
- Sieve may leak resources in rare cases when a redirect, vacation or
report action fails to send the message. This mainly applies when Sieve
is executed in IMAP context; i.e., for the IMAPSIEVE or FILTER=SIEVE
capabilities.
Update dovecot2 and friends to 2.3.8.
2.3.8 2019-10-08
Changes
+ Added mail_delivery_started and mail_delivery_finished events, see
https://doc.dovecot.org/admin_manual/list_of_events/ for details.
+ dsync-replication: Don't replicate users who have "noreplicate" extra
field in userdb.
+ doveadm service status: Show total number of processes created.
+ When logging to syslog, use instance_name setting's value for the
ident. This commonly is added as a log prefix.
+ Base64 encoding/decoding code was rewritten with additional features.
It shouldn't cause any user visible changes.
- v2.3.7 regression: If a folder only receives new mails without any
other mail access, dovecot.index.log keeps growing forever and
dovecot.index keeps being rewritten for every mail delivery.
- dsync-replication may lose keywords after syncing mails restored from
another replica. This only happened if the mail only had keywords and no
system flags.
- event filters: Non-textual event fields could not be filtered using
wildcards.
- auth: Scope parameter was missing from OAuth password grant request.
- doveadm client-server communication may hang in some situations. It is
also using unnecessarily small TCP/IP packet sizes.
- doveadm who and kick did not flush protocol output correctly.
- imap: SETMETADATA with literal value would delete the metadata value
instead of updating it.
- imap: When client issues FETCH PREVIEW (LAZY=FUZZY) command, the
caching decisions should be updated so that newly saved mails will have
the preview cached.
- With mail_nfs_index=yes and/or mail_nfs_storage=yes setuid/setgid
permission bits in some files may have become dropped with some NFS
servers. Changed NFS flushing to now use chmod() instead of chown().
- quota: warnings did not work if quota root was noenforcing
- acl: Global ACL file ignored the last line if it didn't end with LF.
- doveadm stats dump: With JSON formatter output numbers using the
number type instead of as strings
- lmtp_proxy: Ensure that real_* variables are correctly set when using
lmtp_proxy.
- event exporter: http-post driver had hardcoded timeout and did not
support DNS lookups or TLS connections.
- auth: Fix user iteration to work with userdb passwd with glibc v2.28.
- auth: auth service can crash if auth-policy JSON response is invalid
or returned too fast.
- In some rare situations "ps" output could have shown a lot of "?"
characters after Dovecot process titles.
- When dovecot.index.pvt is empty, an unnecessary error is logged:
Error: .../dovecot.index.pvt reset, view is now inconsistent
- SMTP address encoder duplicated initial double quote character when
the localpart of an address ended in '..'. For example
"user+..@example.com" became ""user+.."@example.com in a
sieve redirect.
pytest 4.6.6:
Bug Fixes
* Fixed using multiple short options together in the command-line (for example -vs) in Python 3.8+.
* Replace importlib_metadata backport with importlib.metadata from the standard library on Python 3.8+.
* Fix “lexer” being used when uploading to bpaste.net from --pastebin to “text”.
* Fix warnings about deprecated cmp attribute in attrs>=19.2.
Trivial/Internal Changes
* Fixes python version checks (detected by flake8-2020) in case python4 becomes a thing.
4.41.3:
This patch is to ensure that our internals remain comprehensible to :pypi:`mypy` 0.740 - there is no user-visible change.
4.41.2:
This patch changes some internal hashes to SHA384, to better support users subject to FIPS-140. There is no user-visible API change.
4.41.1:
This release makes --hypothesis-show-statistics much more useful for tests using a :class:`~hypothesis.stateful.RuleBasedStateMachine`, by simplifying the reprs so that events are aggregated correctly.
4.41.0:
This release upgrades the :func:`~hypothesis.strategies.fixed_dictionaries` strategy to support optional keys (:issue:`1913`).
4.40.2:
This release makes some minor internal changes in support of improving the Hypothesis test suite. It should not have any user visible impact.
4.40.1:
This release changes how Hypothesis checks if a parameter to a test function is a mock object. It is unlikely to have any noticeable effect, but may result in a small performance improvement, especially for test functions where a mock object is being passed as the first argument.
4.40.0:
This release fixes a bug where our example database logic did not distinguish between failing examples based on arguments from a @pytest.mark.parametrize(...). This could in theory cause data loss if a common failure overwrote a rare one, and in practice caused occasional file-access collisions in highly concurrent workloads (e.g. during a 300-way parametrize on 16 cores).
For internal reasons this also involves bumping the minimum supported version of :pypi:`pytest` to 4.3
4.39.3:
This patch improves our type hints on the :func:`~hypothesis.strategies.emails`, :func:`~hypothesis.strategies.functions`, :func:`~hypothesis.strategies.integers`, :func:`~hypothesis.strategies.iterables`, and :func:`~hypothesis.strategies.slices` strategies, as well as the .filter() method.
There is no runtime change, but if you use :pypi:`mypy` or a similar type-checker on your tests the results will be a bit more precise.
4.39.2:
This patch improves the performance of unique collections such as :func:`~hypothesis.strategies.sets` of :func:`~hypothesis.strategies.just` or :func:`~hypothesis.strategies.booleans` strategies. They were already pretty good though, so you're unlikely to notice much!
4.39.1:
If a value in a dict passed to :func:`~hypothesis.strategies.fixed_dictionaries` is not a strategy, Hypothesis now tells you which one.
4.39.0:
This release adds the :func:`~hypothesis.extra.numpy.basic_indices` strategy, to generate basic indexes for arrays of the specified shape (:issue:`1930`).
It generates tuples containing some mix of integers, :obj:`python:slice` objects, ... (Ellipsis), and :obj:`numpy:numpy.newaxis`; which when used to index an array of the specified shape produce either a scalar or a shared-memory view of the array. Note that the index tuple may be longer or shorter than the array shape, and may produce a view with another dimensionality again!
4.38.3:
This patch defers creation of the .hypothesis directory until we have something to store in it, meaning that it will appear when Hypothesis is used rather than simply installed.
4.38.2:
This patch bumps our dependency on :pypi:`attrs` to >=19.2.0; but there are no user-visible changes to Hypothesis.
4.38.1:
This is a comment-only patch which tells :pypi:`mypy` 0.730 to ignore some internal compatibility shims we use to support older Pythons.
4.38.0:
This release adds the :func:`hypothesis.target` function, which implements experimental support for :ref:`targeted property-based testing <targeted-search>` (:issue:`1779`).
By calling :func:`~hypothesis.target` in your test function, Hypothesis can do a hill-climbing search for bugs. If you can calculate a suitable metric such as the load factor or length of a queue, this can help you find bugs with inputs that are highly improbably from unguided generation - however good our heuristics, example diversity, and deduplication logic might be. After all, those features are at work in targeted PBT too!
4.37.0:
This release emits a warning if you use the .example() method of a strategy in a non-interactive context.
:func:`~hypothesis.given` is a much better choice for writing tests, whether you care about performance, minimal examples, reproducing failures, or even just the variety of inputs that will be tested!
4.36.2:
This patch disables part of the :mod:`typing`-based inference for the :pypi:`attrs` package under Python 3.5.0, which has some incompatible internal details (:issue:`2095`).
4.36.1:
This patch fixes a bug in strategy inference for :pypi:`attrs` classes where Hypothesis would fail to infer a strategy for attributes of a generic type such as Union[int, str] or List[bool] (:issue:`2091`).
4.36.0:
This patch deprecates min_len or max_len of 0 in :func:`~hypothesis.extra.numpy.byte_string_dtypes` and :func:`~hypothesis.extra.numpy.unicode_string_dtypes`. The lower limit is now 1.
Numpy uses a length of 0 in these dtypes to indicate an undetermined size, chosen from the data at array creation. However, as the :func:`~hypothesis.extra.numpy.arrays` strategy creates arrays before filling them, strings were truncated to 1 byte.
4.35.1:
This patch improves the messaging that comes from invalid size arguments to collection strategies such as :func:`~hypothesis.strategies.lists`.
4.35.0:
This release improves the :func:`~hypothesis.extra.lark.from_lark` strategy, tightening argument validation and adding the explicit argument to allow use with terminals that use @declare instead of a string or regular expression.
This feature is required to handle features such as indent and dedent tokens in Python code, which can be generated with the :pypi:`hypothesmith` package.
4.34.0:
The :func:`~hypothesis.strategies.from_type` strategy now knows to look up the subclasses of abstract types, which cannot be instantiated directly.
This is very useful for :pypi:`hypothesmith` to support :pypi:`libCST`.
Nifty Site Manager ("nsm") is a cross-platform framework for managing
and generating websites. Some of its features are:
- it can manage and generate static and dynamic websites.
- it has support for pre/post build/serve scripts to integrate with
cURL, databases, SASS, Grunt, GraphQL, Python Web Server, Live
Server/Reload, and more.
- there is multithreading support
- it is language agnostic, you can use any language you want
(markdown, LATEX, html, xml, css, javascript, php, MySQL, etc)
- it integrates flawlessly with various Javascript and PHP frameworks
- it integrates with Git to clone from and push to various platforms
including AWS, BitBucket, GitHub, GitLab, Netlify, surge.sh, ZEIT Now, etc
- it has a templating system
Update php-xdebug to 2.7.2.
2.7.1 (2019-04-05)
= Fixed bugs:
- Fixed issue #1646: Missing newline in error message
- Fixed issue #1647: Memory corruption when a conditional breakpoint is used
- Fixed issue #1641: Perfomance degradation with getpid syscall (Kees
Hoekzema)
2.7.2 (2019-05-06)
= Fixed bugs:
- Fixed issue #1488: Rewrite DBGp 'property_set' to always use eval
- Fixed issue #1586: error_reporting()'s return value is incorrect during
debugger's 'eval' command
- Fixed issue #1615: Turn off Zend OPcache when remote debugger is turned on
- Fixed issue #1656: remote_connect_back alters header if multiple values
are present
- Fixed issue #1662: __debugInfo should not be used for user-defined classes
Update pear-Mail_Mime to 1.10.4.
1.10.4 2019-10-13
* Fix E_STRICT errors introduced in the previous release [alec]
1.10.3 2019-09-25
* Fix deprecation warning for get_magic_quotes_runtime() use on PHP 7.4
he
mef
triaxx
ng0
morr
fox
maya
nia
adam
khorben
taca
ryoon