Update ruby-actionpack52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
* [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
Update ruby-actionview52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
Update ruby-activesupport52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore
* [CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore
Version 3.0.8 is a patch release.
This release is binary and source compatible with version 3.0.0.
Note that the libical-glib library is considered unstable; therefore not binary compatible with previous releases
ReleaseNotes:
- Fix for icalattach_new_from_data() and the 'free_fn' argument
- Fix if recurrencetype contains both COUNT and UNTIL (only output UNTIL in the RRULE)
R59b is a must-have bugfix upgrade for R59 (not R58):
[tg] Handle other tmux $TERM types, pointed out by multi via IRC
[tg] Fix typo in FAQ
[tg] y='a\*b'; [[ $x = $y ]] regression (Martijn Dekker) fix
[l0kod] Defuse CLIP OS O_MAYEXEC support (cf. LWN)
[tg] Make set +o output a command to restore the currently set and (new!) cleared options, keep a reset state per session (experimental)
[tg] Correct documentation and code regarding argv[0] parsing: first ‘-’ for login shells, then ‘r’ case-insensitively for restricted shell, then “sh”*, again case-insensitively, for BINSH_* modes; add tests
[tg] On OS/2, allow case-insensitive name for direct builtin call
[tg] Always skip startup files if direct builtin call
[tg] Avoid some sometimes-redundant startup codepaths
R59 has some major fixes, also introducing breaking changes:
[tg] Repair out-of-tree builds (noticed by rsc)
[tg] Work around a glibc on Hurd issue in testsuite
[komh] OS/2 filesystem mtime granularity is two seconds (as in FAT)
[tg] Replace while with goto: Coverity was confused
[tg] Fix invocation of some builtins when external utility absent
[komh] Improve automatic executable suffix for test builtin
[tg] Style code, refactor, clean up, optimise
[tg] Use cached egid in test builtin
[tg] Make bind builtin output reentry-safe; safety fixes
[tg] If basename(argv[0]) after leading dash removal begins with an ‘r’ enable restricted shell flag; reported by pmjdebruijn via IRC
[tg] Fix code example in manpage for how tab completion escapes
[tg] Match full extglob pattern RHS of [[ string comparison like ksh93
[tg] Implement which with -a in dot.mkshrc
[tg] Remove global builtin (use typeset -g)
[tg] alias, command, whence: Print alias names quoted
[tg] Implement a new quote-region (Esc+Q) editing command
[tg] Document all built-in aliases (requested by msiism via IRC) and those aliases and functions shipped in dot.mkshrc; completely overhaul builtin and reserved word documentation, for consistency
[tg] The manual page now features properly spaced em dashes ☻
[tg] Document that test x = y doesn’t extglob, only [[ x = y ]] does
R58 contains a lot of fixes and improvements:
[lintian] hyphen-used-as-minus-sign (on jessie, not later, ‽‽‽)
[tg] Fix system info gcc dump{machine,version} shell escaping level
[tg] Document KSH_VERSIONNAME_VENDOR_EXT in Build.sh
[tg] Be more explicit about the LTO bug exposed by check.t
[Todd C. Miller] Add -x (file locks) and AIX-specific -r ulimits
[tg] Handle Midipix as test environment and fix some warnings
[tg] Fix some Build.sh issues as Mirtoconf is now used by MirCPIO and MagicPoint
[komh] Improve CRLF to LF conversion
[komh] Ensure ECHO mode is enabled at startup so read has local echo
[komh] Let check.pl retain the PERLIO env variable
[komh] Unbreak nounset-1 test on systems with drive letters
[komh, tg] Make ulimit-3 test work without |& (that is, incomplete ports, i.e. those with -DMKSH_NOPROSPECTOFWORK)
[tg] Disable xxx-stat-1 test for now, fails when run as root
[tg] Drop Build.sh flags -c combine, -c lto
[Martijn Dekker] Exit 126 on execve(2) failure, not 1 (e.g. E2BIG)
[tg] Behave set and export/readonly-on-read-only-variables when run with command and command dot, bugreports by Martijn Dekker
[tg] dot.mkshrc: simplify; enhance (un)setting locale example
[tg, selk] Catch build errors earlier
[tg] Add -fno-lto (if GCC is detected) to CFLAGS and LDFLAGS
[tg] Limit HISTSIZE to 65535, as long pre-announced
[tg] Unbreak testsuite selftest-tty-absent for lksh
[tg] Begin work on support for neatcc (needs neatcc to evolve first)
[tg] Fix possibly not enough aligned access in struct job
[tg] Support going full setugid by running “set -p” once interactive
[tg] Document another (arcane, almost nowhere needed) definition
[tg] Improve code legibility and testsuite reliability and maintenance
[tg] Speed up trivial += cases (LP#1855167)
[tg] Some further code and memory optimisation and test coverage
[tg] Document that += is always string append (LP#1857702)
[tg] Fix “set -e appears active within eval but isn’t” reported by Martijn Dekker and another bug related to using set ±e inside eval
[tg] Handle parameter assignment in front of invocations of POSIX-style functions like ksh-style ones and external utilities; cf. Debian #935115
[tg] Fix bad memory access for invalid syntax (LP#1857828, LP#1857826)
[Brian Callahan] Update MALLOC_OPTIONS-using testcase for newer OpenBSD
[tg] Support lacc as compiler (just detecting, no change), thanks Brian
[tg] Share __IDSTRING with jupp
[tg] Update string comparison/pattern documentation
[tg, veedeeh] Document vi command line editing mode state better
[tg] Add FAQ2HTML.sh to convert mksh.faq to local valid XHTML+CSS
[tg] Correct backslash expansion documentation; caveat re. 16-bit UCS
[tg] Fix extra empty field on IFS-NWS trim expansion (Martijn Dekker)
[tg] Improve code performance, quality, robustness and correctness
[tg] Allow ${x:n} where n is an identifier (veedeeh)
[tg] Permit ‘+’ in alias names, but not leading (Aleksey Cheusov)
[tg] Fix here strings for $@ (LP#1857195), reported by jvdh
[multiplexd] Add vi mode PgDn, similar to PgUp doing history search
[tg] Build.sh fixup unreliable test -n/-z
[multiplexd] Correct documentation of vi mode @c
[tg] Update to UCD 13.0.0
[tg] Use nanoseconds in test -nt / -ot (LP#1855325)
Sollya is a tool environment and a library for safe floating-point
code development, particularly targeted at automated implementation
of math libraries like libm.
Derived from wip/sollya.
During development, it is fairly common to cycle between writing
code and testing that code. Generally the testing happens within
the test suite, but frequently it is more convenient to test things
by hand when tracking down a bug, or when doing some exploratory
coding. In many situations, however, this becomes inconvenient -
for instance, in a REPL, or in a stateful web application, restarting
from the beginning after every code change can get pretty tedious.
This module allows you to reload your application classes on the
fly, so that the code/test cycle becomes a lot easier.
Upstream says...
You'll find below the changes of this bugfixes version:
- (security) Prevent execution of SQL injection while assigning a technician,
- (security) Permit to change key used to store passwords,
- (security) Improve CSRF token,
- (security) Fix several possible XSS,
- (security) Fix a few possible SQL injections,
- Fix SCSS caching issues,
- Fix inline images handling on item update,
- Fix PHP 7.4 compatibility,
- Connect to database using socket,
- and more!
The full changelog is available:
<https://github.com/glpi-project/glpi/milestone/39?closed=1>
Version 10.35 09-May-2020
---------------------------
1. Use PCRE2_MATCH_EMPTY flag to detect empty matches in JIT.
2. Fix ARMv5 JIT improper handling of labels right after a constant pool.
3. A JIT bug is fixed which allowed to read the fields of the compiled
pattern before its existence is checked.
4. Back in the PCRE1 day, capturing groups that contained recursive back
references to themselves were made atomic (version 8.01, change 18) because
after the end of a repeated group, the captured substrings had their values from
the final repetition, not from an earlier repetition that might be the
destination of a backtrack. This feature was documented, and was carried over
into PCRE2. However, it has now been realized that the major refactoring that
was done for 10.30 has made this atomicizing unnecessary, and it is confusing
when users are unaware of it, making some patterns appear not to be working as
expected. Capture values of recursive back references in repeated groups are
now correctly backtracked, so this unnecessary restriction has been removed.
5. Added PCRE2_SUBSTITUTE_LITERAL.
6. Avoid some VS compiler warnings.
7. Added PCRE2_SUBSTITUTE_MATCHED.
8. Added (?* and (?<* as synonyms for (*napla: and (*naplb: to match another
regex engine. The Perl regex folks are aware of this usage and have made a note
about it.
9. When an assertion is repeated, PCRE2 used to limit the maximum repetition to
1, believing that repeating an assertion is pointless. However, if a positive
assertion contains capturing groups, repetition can be useful. In any case, an
assertion could always be wrapped in a repeated group. The only restriction
that is now imposed is that an unlimited maximum is changed to one more than
the minimum.
10. Fix *THEN verbs in lookahead assertions in JIT.
11. Added PCRE2_SUBSTITUTE_REPLACEMENT_ONLY.
12. The JIT stack should be freed when the low-level stack allocation fails.
13. In pcre2grep, if the final line in a scanned file is output but does not
end with a newline sequence, add a newline according to the --newline setting.
14. (?(DEFINE)...) groups were not being handled correctly when checking for
the fixed length of a lookbehind assertion. Such a group within a lookbehind
should be skipped, as it does not contribute to the length of the group.
Instead, the (DEFINE) group was being processed, and if at the end of the
lookbehind, that end was not correctly recognized. Errors such as "lookbehind
assertion is not fixed length" and also "internal error: bad code value in
parsed_skip()" could result.
15. Put a limit of 1000 on recursive calls in pcre2_study() when searching
nested groups for starting code units, in order to avoid stack overflow issues.
If the limit is reached, it just gives up trying for this optimization.
16. The control verb chain list must always be restored when exiting from a
recurse function in JIT.
17. Fix a crash which occurs when the character type of an invalid UTF
character is decoded in JIT.
18. Changes in many areas of the code so that when Unicode is supported and
PCRE2_UCP is set without PCRE2_UTF, Unicode character properties are used for
upper/lower case computations on characters whose code points are greater than
127.
19. The function for checking UTF-16 validity was returning an incorrect offset
for the start of the error when a high surrogate was not followed by a valid
low surrogate. This caused incorrect behaviour, for example when
PCRE2_MATCH_INVALID_UTF was set and a match started immediately following the
invalid high surrogate, such as /aa/ matching "\x{d800}aa".
20. If a DEFINE group immediately preceded a lookbehind assertion, the pattern
could be mis-compiled and therefore not match correctly. This is the example
that found this: /(?(DEFINE)(?<foo>bar))(?<![-a-z0-9])word/ which failed to
match "word" because the "move back" value was set to zero.
21. Following a request from a user, some extensions and tidies to the
character tables handling have been done:
(a) The dftables auxiliary program is renamed pcre2_dftables, but it is still
not installed for public use.
(b) There is now a -b option for pcre2_dftables, which causes the tables to
be written in binary. There is also a -help option.
(c) PCRE2_CONFIG_TABLES_LENGTH is added to pcre2_config() so that an
application that wants to save tables in binary knows how long they are.
22. Changed setting of CMAKE_MODULE_PATH in CMakeLists.txt from SET to
LIST(APPEND...) to allow a setting from the command line to be included.
23. Updated to Unicode 13.0.0.
24. CMake build now checks for secure_getenv() and strerror(). Patch by Carlo.
25. Avoid using [-1] as a suffix in pcre2test because it can provoke a compiler
warning.
26. Added tests for __attribute__((uninitialized)) to both the configure and
CMake build files, and then applied this attribute to the variable called
stack_frames_vector[] in pcre2_match(). When implemented, this disables
automatic initialization (a facility in clang), which can take time on big
variables.
27. Updated CMakeLists.txt (patches by Uwe Korn) to add support for
pcre2-config, the libpcre*.pc files, SOVERSION, VERSION and the
MACHO_*_VERSIONS settings for CMake builds.
28. Another patch to CMakeLists.txt to check for mkostemp (configure already
does). Patch by Carlo Marcelo Arenas Belon.
29. Check for the existence of memfd_create in both CMake and configure
configurations. Patch by Carlo Marcelo Arenas Belon.
30. Restrict the configuration setting for the SELinux compatible execmem
allocator (change 10.30/44) to Linux and NetBSD.
2020-05-15 7.0.10-12 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.10-12, GIT revision 17242:e14b3fb:20200515.
2020-05-12 7.0.10-12 Cristy <quetzlzacatenango@image...>
* Black artefacts during quantization (reference
https://github.com/ImageMagick/ImageMagick/discussions/2007#discussioncomment-13546).
2020-05-08 7.0.10-11 Cristy <quetzlzacatenango@image...>
* Release ImageMagick version 7.0.10-11, GIT revision 17230:088df0e:20200508.
2020-04-28 7.0.10-11 Cristy <quetzlzacatenango@image...>
* Disable "random" OpenCL kernel. Previously the work load was distributed
but each started with the same random seed.
* Finished implementation of -distort rigid-affine.
* Enable threaded PNG coder.
v2.9.9
Bugfixes
--------
- Fix an issue with the ``fileglob`` plugin where passing a subdirectory of non-existent directory would cause it to fail - https://github.com/ansible/ansible/issues/69450
v2.9.8
======
Minor Changes
-------------
- Add test for reboot & wait_for_connection on EOS & IOS (https://github.com/ansible/ansible/pull/63014)
- Fixed 'intersect' filter spelling in constructed inventory plugin example.
- Move cli prompt check logic from action to cliconf plugin (https://github.com/ansible/ansible/pull/63945)
- Point inventory script location to their respective version rather than devel version in documentation.
- ansible-test - Now includes testing support for RHEL 8.2
- ansible-test - Remove obsolete support for provisioning remote vCenter instances. The supporting services are no longer available.
Bugfixes
--------
- Collections - Allow a collection role to call a stand alone role, without needing to explicitly add ``ansible.legacy`` to the collection search order within the collection role. (https://github.com/ansible/ansible/issues/69101)
- Fix cli context check for network_cli connection (https://github.com/ansible/ansible/pull/64697)
- Revert 5f6427b1fc7449a5c42212013d3f628665701c3d as it breaks netconf connection
- Role Installation - Ensure that a role containing files with non-ascii characters can be installed (https://github.com/ansible/ansible/issues/69133)
- Update ActionBase._low_level_execute_command to honor executable (https://github.com/ansible/ansible/issues/68054)
- collections - Handle errors better for filters and tests in collections, where a non-existent collection is specified, or importing the plugin results in an exception (https://github.com/ansible/ansible/issues/66721)
- deal with cases in which just a file is passed and not a path with directories, now fileglob correctly searches in 'files/' subdirs.
- dnf - Unified error messages when trying to install a nonexistent package with newer dnf (4.2.18) vs older dnf (4.2.9)
- dnf - Unified error messages when trying to remove a wildcard name that is not currently installed, with newer dnf (4.2.18) vs older dnf (4.2.9)
- hostname - make module work on Manjaro Linux (https://github.com/ansible/ansible/issues/61382)
- mysql_user - fix the error No database selected (https://github.com/ansible/ansible/issues/68070).
- ovirt_disk: add warning when uploading wrong format
- ovirt_disk: upload image auto detect size
- ovirt_network: allow to remove vlan_tag
- pip - The virtualenv_command option can now include arguments without requiring the full path to the binary. (https://github.com/ansible/ansible/issues/52275)
- pip - check_mode with ``state: present`` now returns the correct state for pre-release versioned packages
- postgresql_set - fix converting value to uppercase (https://github.com/ansible/ansible/issues/67377).
- redfish_config - fix support for boolean bios attrs (https://github.com/ansible/ansible/pull/68251)
- service_facts - Now correctly parses systemd list-unit-files for systemd >=245
- sysvinit - Add missing parameter ``module`` in call to ``daemonize()``.
- the default parsing will now show existing JSON errors and not just YAML (last attempted), also we avoid YAML parsing when we know we only want JSON issue
- win_psmodule - Fix TLS 1.2 compatibility with PSGallery.
- win_psrepository - Fix TLS 1.2 compatibility with PSGallery.
- win_psrepository - Fix ``Ignore`` error when trying to retrieve the list of registered repositories
- zabbix_template - no longer fails with KeyError when there are no macros present in existing template (see https://github.com/ansible-collections/community.zabbix/issues/19)
5.1.0
repmgr: remove BDR 2.x support
repmgr: don't query upstream's data directory
repmgr: rename --recovery-conf-only to --replication-conf-only
repmgr: ensure postgresql.auto.conf is created with correct permissions
repmgr: minimize requirement to check upstream data directory location
during "standby clone"
repmgr: warn about missing pg_rewind prerequisites when executing
"standby clone"
repmgr: add --upstream option to "node check"
repmgr: report error code on follow/rejoin failure due to non-available
replication slot
repmgr: ensure "node rejoin" checks for available replication slots
repmgr: improve "standby switchover" completion checks
repmgr: add replication configuration file ownership check to
"standby switchover"
repmgr: check the demotion candidate's registered repmgr.conf file can
be found
repmgr: consolidate replication connection code
repmgr: check permissions for "pg_promote()" and fall back to pg_ctl
if necessary
repmgr: in --dry-run mode, display promote command which will be used
repmgr: enable "service_promote_command" in PostgreSQL 12
repmgr: accept option -S/--superuser for "node check"
# 2020-05-05 Version 2.1.0
Important notes:
* fix multiple CVEs: CVE-2020-11039, CVE-2020-11038, CVE-2020-11043, CVE-2020-11040, CVE-2020-11041,
CVE-2020-11019, CVE-2020-11017, CVE-2020-11018
* fix multiple leak and crash issues (#6129, #6128, #6127, #6110, #6081, #6077)
Noteworthy features and improvements:
* Fixed sound issues (#6043)
* New expert command line options /tune and /tune-list to modify all client
settings in a generic way.
* Fixes for smartcard cache, this improves compatibility of smartcard devices
with newer smartcard channel.
* Shadow server can now be instructed to listen to multiple interfaces.
* Improved server certificate support (#6052)
* Various fixes for wayland client (fullscreen, mouse wheel, ...)
* Fixed large mouse pointer support, now mouse pointers > 96x96 pixel are visible.
* USB redirection command line improvements (filter options)
* Various translation improvements for android and ios clients
For a complete and detailed change log since the last release candidate run:
git log 2.0.0..2.1.0
# 2020-04-09 Version 2.0.0
Important notes:
* fix multiple CVEs: CVE-2020-11521 CVE-2020-11522 CVE-2020-11523 CVE-2020-11524 CVE-2020-11525 CVE-2020-11526
* fix multiple other security related issues (#6005, #6006, #6007, #6008, #6009, #6010, #6011, #6012, #6013)
* sha256 is now used instead of sha1 to fingerprint certificates. This will
invalidate all hosts in FreeRDP known_hosts2 file and causes a prompt if a
new connection is established after the update
Noteworthy features and improvements:
* First version of the RDP proxy was added (#5372) - thanks to @kubistika
* Smartcard received some refactoring. Missing functions were added and input
validation was improved (#5884)
* A new option /cert that unifies all certificate related options (#5880)
The old options (cert-ignore, cert-deny, cert-name, cert-tofu) are still
available but marked as deprecated
* Support for Remote Assistance Protocol Version 2 [MS-RA]
* The DirectFB client was removed because it was unmaintained
* Unified initialization of OrderSupport
* Fix for licensing against Windows Server 2003
* Font smoothing is now enabled per default
* Flatpak support was added
* Smart scaling for Wayland using libcairo was added (#5215)
* Unified update->BeginPaint and update->EndPaint
* An image scaling API for software drawing was added
* Rail was updated to the latest spec version 28.0
* Support for H.264 in the shadow server is now detected at runtime
* Add mask=<value> option for /gfx and /gfx-h264 (#5771)
* Code reformatting (#5667)
* A new option /timeout was added to adjust the TCP ACK timeout (#5987)
For a complete and detailed change log since the last release candidate run:
git log 2.0.0-rc4..2.0.0
This is probably the most important of the Samba man pages, and it
should not have been excluded from the build without a detailed
explanation, "just to make the pkg build".
0.14 (up to commit 9ed00a6, 2020/04/14)
=========================================
## Deprecated and removed features:
* bits.h has been removed
* lh_abort() has been removed
* lh_table_lookup() has been removed, use lh_table_lookup_ex() instead.
* Remove TRUE and FALSE defines, use 1 and 0 instead.
* autoconf support, including autogen.sh, has been removed. See details about cmake, below.
* With the addition of json_tokener_get_parse_end(), access to internal fields of json_tokener, as well as use of many other symbols and types in json_tokener.h, is deprecated now.
* The use of Android.configure.mk to build for Android no longer works, and it is unknown how (or if) the new cmake-based build machinery can be used.
* Reports of success, or pull requests to correct issues are welcome.
## Notable improvements and new features
### Builds and documentation
* Build machinery has been switched to CMake. See README.md for details about how to build.
* TL;DR: `mkdir build ; cd build ; cmake -DCMAKE_INSTALL_PREFIX=/some/path ../json-c ; make all test install`
* To ease the transition, there is a `cmake-configure` wrapper that emulates the old autoconf-based configure script.
* This has enabled improvements to the build on Windows system; also all public functions have been fixed to be properly exported. For best results, use Visual Studio 2015 or newer.
* The json-c style guide has been updated to specify the use of clang-format, and all code has been reformatted.
* Since many lines of code have trivial changes now, when using git blame, be sure to specify -w
* Numerous improvements have been made to the documentation including function effects on refcounts, when passing a NULL is safe, and so on.
### json_tokener changes
* Added a json_tokener_get_parse_end() function to replace direct access of tok->char_offset.
* The char_offset field, and the rest of the json_tokener structure remain exposed for now, but expect a future release to hide it like is done with json_object_private.h
* json_tokener_parse_ex() now accepts a new JSON_TOKENER_VALIDATE_UTF8 flag to validate that input is UTF8.
* If validation fails, json_tokener_get_error(tok) will return json_tokener_error_parse_utf8_string (see enum json_tokener_error).
### Other changes and additions
* Add support for unsigned 64-bit integers, uint64_t, to gain one extra bit of magnitude for positive ints.
* json_tokener will now parse values up to UINT64_MAX (18446744073709551615)
* Existing methods returning int32_t or int64_t will cap out-of-range values at INT32_MAX or INT64_MAX, preserving existing behavior.
* The implementation includes the possibility of easily extending this to larger sizes in the future.
* A total of 7 new functions were added:
* json_object_get_uint64 ( struct json_object const* jso )
* json_object_new_uint64 ( uint64_t i )
* json_object_set_uint64 ( struct json_object* jso, uint64_t new_value )
* json_parse_uint64 ( char const* buf, uint64_t* retval )
* See description of uint64 support, above.
* json_tokener_get_parse_end ( struct json_tokener* tok )
* See details under "json_tokener changes", above.
* json_object_from_fd_ex ( int fd, int in_depth )
* Allows the max nesting depth to be specified.
* json_object_new_null ( )
* Simply returns NULL. Its use is not recommended.
* The size of struct json_object has decreased from 96 bytes to 88 bytes.
### Testing
* Many updates were made to test cases, increasing code coverage.
* There is now a quick way (JSONC_TEST_TRACE=1) to turn on shell tracing in tests.
* To run tests, use `make test`; the old "check" target no longer exists.
## Significant bug fixes
For the full list of issues and pull requests since the previous release, please see issues_closed_for_0.14.md
* [Issue #389](https://github.com/json-c/json-c/issues/389): Add an assert to explicitly crash when _ref_count is corrupted, instead of a later "double free" error.
* [Issue #407](https://github.com/json-c/json-c/issues/407): fix incorrect casts in calls to ctype functions (isdigit and isspace) so we don't crash when asserts are enabled on certain platforms and characters > 128 are parsed.
* [Issue #418](https://github.com/json-c/json-c/issues/418): Fix docs for json_util_from_fd and json_util_from_file to say that they return NULL on failures.
* [Issue #422](https://github.com/json-c/json-c/issues/422): json_object.c:set errno in json_object_get_double() when called on a json_type_string object with bad content.
* [Issue #453](https://github.com/json-c/json-c/issues/453): Fixed misalignment in JSON serialization when JSON_C_TO_STRING_SPACED and JSON_C_TO_STRING_PRETTY are used together.
* [Issue #463](https://github.com/json-c/json-c/issues/463): fix newlocale() call to use LC_NUMERIC_MASK instead of LC_NUMERIC, and remove incorrect comment.
* [Issue #486](https://github.com/json-c/json-c/issues/486): append a missing ".0" to negative double values to ensure they are serialized as floating point numbers.
* [Issue #488](https://github.com/json-c/json-c/issues/488): use JSON_EXPORT on functions so they are properly exported on Windows.
* [Issue #539](https://github.com/json-c/json-c/issues/539): use an internal-only serializer function in json_object_new_double_s() to avoid potential conflicts with user code that uses the json_object_userdata_to_json_string serializer.