For full changes, please refer CHANGESLOG.md file.
* libgit2 v0.24.6 and libgit2 v0.25.1, January 9th, 2017
Includes two fixes, one performs extra sanitization for some edge cases in
the Git Smart Protocol which can lead to attempting to parse outside of the
buffer.
The second fix affects the certificate check callback. It provides a valid
parameter to indicate whether the native cryptographic library considered
the certificate to be correct. This parameter is always 1/true before these
releases leading to a possible MITM.
This does not affect you if you do not use the custom certificate callback
or if you do not take this value into account. This does affect you if you
use pygit2 or git2go regardless of whether you specify a certificate check
callback.
taca@ was right. UPDATE_GEMSPEC is better than the patch, and can be used
now since it was moved from gem.mk to rubyversion.mk. With this new version, rdoc is added, because the application breaks without it. Also, selenium-webdriver was downgraded to 2.53.4. Duplicate entries removed from PLIST. Changes are:
Defect #13622: "Clear" button in Spent Time Report tab also clears global filters
Defect #14658: Wrong activity timezone on user page
Defect #14817: Redmine loses filters after deleting a spent time
Defect #22034: Locked users disappear from project settings
Defect #23922: Time Entries context menu/bulk edit shows activities not available for the time entry's project
Defect #24000: z-index children menu should be greater than content
Defect #24092: bundler error: selenium-webdriver requires Ruby version >= 2.0.
Defect #24156: Redmine might create many AnonymousUser and AnonymousGroup entries
Defect #24274: Query totals and query buttons overlaps on small screens
Defect #24297: Show action not allowed for time entries in closed projects
Defect #24311: Project field disappears when target project disallows user to edit the project
Defect #24348: acts_as_versioned use old style (Rails 2.x) of method call for #all
Defect #24595: Unarchive link for a subproject of a closed project does not work
Defect #24646: X-Sendfile is missing in response headers
Defect #24693: Spent time on subtasks should also be reassigned when deleting an issue
Defect #24718: Prevent from reassigning spent time to an issue that is going to be deleted
Defect #24722: Error when trying to reassign spent time when deleting issues from different projects
Patch #24003: Catalan Translation
Patch #24004: Spanish & Spanish (PA) Translation
Patch #24062: Allow only vertical reorderingin sortable lists
Patch #24283: Validate length of string fields
Patch #24296: Add tablename to siblings query to prevent AmbiguousColumn errors
Features
- Improve parsing performance in case of keep-timestamp(no)
- TLS based transports will publish the peer's certificate in a set of
name-value pairs.
- Improve performance of the tcp() source, due to a bug, syslog-ng
attempted to apply position tracking to messages coming over a TCP
transport, which is used for file position tracking and causing
performance degradation.
- Make it possible to configure the listen-backlog() for any stream based
transports (unix-stream and tcp).
- Add a groupunset() rewrite rule that pairs up with groupset() but instead
of setting values it unsets them.
- Add support for Elastic Shield and SearchGuard
- kv-parser() is now able to cope with unquoted values with an embedded
space in them, it also trims whitespace from keys/values and is in
general more reliable in extracting key-value pairs from arbitrary log
messages.
- Improve performance for java based destinations.
- Add prefix() option to add-contextual-data()
Bugfixes
- Fix a potential crash in the file destination, in case it is a template
based filename and time-reap() is elapsed.
- Fix a potential ACK problem within syslog-ng that can cause input windows
to overflow queue sizes over time, effectively causing message drops that
shouldn't occur.
- Fix a heap corruption bug in the DNS cache, in case the maximum number of
DNS cache entries is reached.
- Fix timestamp for suppression messages.
- Fix add-contextual-data() to support CRLF line endings in its CSV input
files.
- Fixed key() option parsing in riemann() destinations.
- Find libsystemd-journal related functions in both libsystemd-journal.so
and libsystemd.so, as recent systemd versions bundled all systemd
related libs into the same library.
- Fixed the build-time detection of system-wide installed librabbitmq,
libmongoc and libcap.
- Fix the file source to repeatedly check for unexisting files, as a bug
caused syslog-ng to stop after two attempts previously.
- The performance testing tool "loggen" crashed if it was used to generate
messages on multiple threads over TLS. This was now fixed.
- Fix an issue in the syslog-parser() parser, so that timestamps parsed
earlier in the log path are properly overwritten.
- Due to a compilation issue, tcp-keepalive-time(), tcp-keepalive-intvl() and
tcp-keepalive-probes() were not working, now they are again.
- The --disable-shm-counters option is now passed to mongo-c-driver to work
around a minor security issue.
- Fix compilation issues on FreeBSD.
- Add support to month names in all caps in syslog timestamps. At least one
device seems to generate these.
- The options() option to java destination can now accept numbers and not
just strings.
- Fix a memory leak in the java destination driver, that may affect java
based destinations like ElasticSearch, Kafka & HDFS.
Other changes
- HDFS was updated to 2.7.3
- Elasticsearch was updated to 2.4.0
- Support was added for OpenSSL 1.1.x
* Version 3.5.8 (released 2016-01-09)
** libgnutls: Ensure that multiple calls to the gnutls_set_priority_*
functions will not leave the verification profiles field to an
undefined state. The last call will take precedence.
** libgnutls: Ensure that GNUTLS_E_DECRYPTION_FAIL will be returned
by PKCS#8 decryption functions when an invalid key is provided. This
addresses regression on decrypting certain PKCS#8 keys.
** libgnutls: Introduced option to override the default priority string
used by the library. The intention is to allow support of system-wide
priority strings (as set with --with-system-priority-file). The
configure option is --with-default-priority-string.
** libgnutls: Require a valid IV size on all ciphers for PKCS#8 decryption.
This prevents crashes when decrypting malformed PKCS#8 keys.
** libgnutls: Fix crash on the loading of malformed private keys with certain
parameters set to zero.
** libgnutls: Fix double free in certificate information printing. If the PKIX
extension proxy was set with a policy language set but no policy specified,
that could lead to a double free.
** libgnutls: Addressed memory leaks in client and server side error paths
(issues found using oss-fuzz project)
** libgnutls: Addressed memory leaks in X.509 certificate printing error paths
(issues found using oss-fuzz project)
** libgnutls: Addressed memory leaks and an infinite loop in OpenPGP certificate
parsing. Fixes by Alex Gaynor. (issues found using oss-fuzz project)
** libgnutls: Addressed invalid memory accesses in OpenPGP certificate parsing.
(issues found using oss-fuzz project)
** API and ABI modifications:
No changes since last version.
* Version 3.5.7 (released 2016-12-8)
** libgnutls: Include CHACHA20-POLY1305 ciphersuites in the SECURE128
and SECURE256 priority strings.
** libgnutls: Require libtasn1 4.9; this ensures gnutls will correctly
operate with OIDs which have elements that exceed 2^32.
** libgnutls: The DN decoding functions output the traditional DN format
rather than the strict RFC4514 compliant textual DN. This reverts the
3.5.6 introduced change, and allows applications which depended on the
previous format to continue to function. Introduced new functions which
output the strict format by default, and can revert to the old one using
a flag.
** libgnutls: Improved TPM key handling. Check authorization requirements
prior to using a key and fix issue on loop for PIN input. Patches by
James Bottomley.
** libgnutls: In all functions accepting UTF-8 passwords, ensure that
passwords are normalized according to RFC7613. When invalid UTF-8
passwords are detected, they are only tolerated for decryption.
This introduces a libunistring dependency on GnuTLS. A version of
libunistring is included in the library for the platforms that do
not ship it; it can be used with the '--with-included-unistring'
option to configure script.
** libgnutls: When setting a subject alternative name in a certificate
which is in UTF-8 format, it will transparently be converted to IDNA form
prior to storing.
** libgnutls: GNUTLS_CRT_PRINT_ONELINE flag on gnutls_x509_crt_print()
will print the SHA256 key-ID instead of a certificate fingerprint.
** libgnutls: enhance the PKCS#7 verification capabilities. In the case
signers that are not discoverable using the trust list or input, use
the stored list as pool to generate a trusted chain to the signer.
** libgnutls: Improved MTU calculation precision for the CBC ciphersuites
under DTLS.
** libgnutls: [added missing news entry since 3.5.0]
No longer tolerate certificate key usage violations for
TLS signature verification, and decryption. That is GnuTLS will fail
to connect to servers which incorrectly use a restricted to signing certificate
for decryption, or vice-versa. This reverts the lax behavior introduced
in 3.1.0, due to several such broken servers being available. The %COMPAT
priority keyword can be used to work-around connecting on these servers.
** certtool: When exporting a CRQ in DER format ensure no text data are
intermixed. Patch by Dmitry Eremin-Solenikov.
** certtool: Include the SHA-256 variant of key ID in --certificate-info
options.
** p11tool: Introduced the --initialize-pin and --initialize-so-pin
options.
** API and ABI modifications:
gnutls_utf8_password_normalize: Added
gnutls_ocsp_resp_get_responder2: Added
gnutls_x509_crt_get_issuer_dn3: Added
gnutls_x509_crt_get_dn3: Added
gnutls_x509_rdn_get2: Added
gnutls_x509_dn_get_str2: Added
gnutls_x509_crl_get_issuer_dn3: Added
gnutls_x509_crq_get_dn3: Added
* Version 3.5.6 (released 2016-11-04)
** libgnutls: Enhanced the PKCS#7 parser to allow decoding old
(pre-rfc5652) structures with arbitrary encapsulated content.
** libgnutls: Introduced a function group to set known DH parameters
using groups from RFC7919.
** libgnutls: Added more strict RFC4514 textual DN encoding and decoding.
Now the generated textual DN is in reverse order according to RFC4514,
and functions which generate a DN from strings such gnutls_x509_crt_set_*dn()
set the expected DN (reverse of the provided string).
** libgnutls: Introduced time and constraints checks in the end certificate
in the gnutls_x509_crt_verify_data2() and gnutls_pkcs7_verify_direct()
functions.
** libgnutls: Set limits on the maximum number of alerts handled. That is,
applications using gnutls could be tricked into an busy loop if the
peer sends continuously alert messages. Applications which set a maximum
handshake time (via gnutls_handshake_set_timeout) will eventually recover
but others may remain in a busy loops indefinitely. This is related but
not identical to CVE-2016-8610, due to the difference in alert handling
of the libraries (gnutls delegates that handling to applications).
** libgnutls: Reverted the change which made the gnutls_certificate_set_*key*
functions return an index (introduced in 3.5.5), to avoid affecting programs
which explicitly check success of the function as equality to zero. In order
for these functions to return an index an explicit call to gnutls_certificate_set_flags
with the GNUTLS_CERTIFICATE_API_V2 flag is now required.
** libgnutls: Reverted the behavior of sending a status request extension even
without a response (introduced in 3.5.5). That is, we no longer reply to a
client's hello with a status request, with a status request extension. Although
that behavior is legal, it creates incompatibility issues with releases in
the gnutls 3.3.x branch.
** libgnutls: Delayed the initialization of the random generator at
the first call of gnutls_rnd(). This allows applications to load
on systems which getrandom() would block, without blocking until
real random data are needed.
** certtool: --get-dh-params will output parameters from the RFC7919
groups.
** p11tool: improvements in --initialize option.
** API and ABI modifications:
GNUTLS_CERTIFICATE_API_V2: Added
GNUTLS_NO_TICKETS: Added
gnutls_pkcs7_get_embedded_data_oid: Added
gnutls_anon_set_server_known_dh_params: Added
gnutls_certificate_set_known_dh_params: Added
gnutls_psk_set_server_known_dh_params: Added
gnutls_x509_crt_check_key_purpose: Added
* Version 3.5.5 (released 2016-10-09)
** libgnutls: enhanced gnutls_certificate_set_ocsp_status_request_file()
to allow importing multiple OCSP request files, one for each chain
provided.
** libgnutls: The gnutls_certificate_set_key* functions return an
index of the added chain. That index can be used either with
gnutls_certificate_set_ocsp_status_request_file(), or with
gnutls_certificate_get_crt_raw() and friends.
** libgnutls: Added SHA*, AES-GCM, AES-CCM and AES-CBC optimized implementations
for the aarch64 architecture. Uses Andy Polyakov's assembly code.
** libgnutls: Ensure proper cleanups on gnutls_certificate_set_*key()
failures due to key mismatch. This prevents leaks or double freeing
on such failures.
** libgnutls: Increased the maximum size of the handshake message hash.
This will allow the library to cope better with larger packets, as
the ones offered by current TLS 1.3 drafts.
** libgnutls: Allow to use client certificates despite them containing
disallowed algorithms for a session. That allows for example a client
to use DSA-SHA1 due to his old DSA certificate, without requiring him
to enable DSA-SHA1 (and thus make it acceptable for the server's certificate).
** libgnutls: Reverted AESNI code on x86 to earlier version as the
latest version was creating position depending code. Added checks
in the CI to detect position depending code early.
** guile: Update code to the I/O port API of Guile >= 2.1.4
This makes sure the GnuTLS bindings will work with the forthcoming 2.2
stable series of Guile, of which 2.1 is a preview.
** API and ABI modifications:
gnutls_certificate_set_ocsp_status_request_function2: Added
gnutls_session_ext_register: Added
gnutls_session_supplemental_register: Added
GNUTLS_E_PK_INVALID_PUBKEY: Added
GNUTLS_E_PK_INVALID_PRIVKEY: Added
This is a regularly scheduled bugfix and improvement release recommended for all users.
Resolved issues:
#3846: Changing bandwidth rate limits now takes effect immediately without restart.
#3859: The event log (-audit) can now be directed to stderr for piping into another program.
#3584: A panic on folder listing at startup has been fixed.
#3857: On Windows, we now make sure to never descend into directory symlinks.
#3819: When a folder is deleted, the .stfolder marker is also removed. The ignore file and .stversions directory are retained, if present.
#3839: Several scenarios where a device would get stuck with "not a directory" errors are now handled again.
#3861: Third party copyrights in the about box are now more up to date.
Also:
Hashing performance has been improved again, after it was inadvertently reduced in v0.4.17.
this to build for NetBSD/powerpc:
* need a cast in one place (in the renamed patch)
* an overcautious assert() is incompatible with top/down VM layout in NetBSD
This still doesn't work on NetBSD/powerpc, though, and I ran out of time.
The build produces a mono-boehm.core file the first time through the build
(for some reason not the subsequent attempts, sigh!), and I have problems
reconstructing the CLI to run the mono-boehm executable under gdb, and the
core file says it got a segv in opendir() which must be nonsensical.
2.1.16
- Avoid infinitely looping result set when paging SELECT queries with
an IN clause with duplicate keys by treating the IN values as a set
instead of a list
- Add system property to set the max number of native transport requests
in queue
- Include column family parameter when -st and -et are provided
- Fix queries with empty ByteBuffer values in clustering column
restrictions
- Disable passing control to post-flush after flush failure to prevent
data loss
- Allow STCS-in-L0 compactions to reduce scope with LCS
- cannot use cql since upgrading python to 2.7.11+
- Fix filtering on clustering columns when 2i is used
- Improve digest calculation in the presence of overlapping tombstones
2.1.15
- Account for partition deletions in tombstone histogram
- Avoid stalling paxos when the paxos state expires
- Remove finished incoming streaming connections from MessagingService
- Don't try to get sstables for non-repairing column families
- Prevent select statements with clustering key > 64k
- Avoid marking too many sstables as repaired
- Fix clock skew corrupting other nodes with paxos
- Remove distinction between non-existing static columns and existing
but null in LWTs
- Support mlockall on IBM POWER arch
- Cache local ranges when calculating repair neighbors
- Allow LWT operation on static column with only partition keys
- Create interval tree over canonical sstables to avoid missing sstables
during streaming
- cqlsh COPY FROM: shutdown parent cluster after forking, to avoid
corrupting SSL connections
- Updated cqlsh Python driver to fix DESCRIBE problem for legacy tables
- cqlsh: apply current keyspace to source command
- Backport CASSANDRA-11578
- Clear out parent repair session if repair coordinator dies
- Set default streaming_socket_timeout_in_ms to 24 hours
- Do not consider local node a valid source during replace
- Avoid holding SSTableReaders for duration of incremental repair
- Add message dropped tasks to nodetool netstats
- Don't compute expensive MaxPurgeableTimestamp until we've verified
there's an expired tombstone
- Fix paging on DISTINCT queries repeats result when first row in
partition changes
- Add option to disable use of severity in DynamicEndpointSnitch
- cqlsh COPY FROM fails for null values with non-prepared statements
- Make cython optional in pylib/setup.py
- Change order of directory searching for cassandra.in.sh to favor local
one
- cqlsh COPY FROM fails with []{} chars in UDT/tuple fields/values
- clqsh: COPY FROM throws TypeError with Cython extensions enabled
- cqlsh: COPY FROM ignores NULL values in conversion
- Validate levels when building LeveledScanner to avoid overlaps with
orphaned sstables
2.1.14
- Start L0 STCS-compactions even if there is a L0 -> L1 compaction going
- (cqlsh) Fix potential COPY deadlock when parent process is terminating
child processes
- Replace sstables on DataTracker before marking them as non-compacting
during anti-compaction
- Checking if an unlogged batch is local is inefficient
- Fix paging for COMPACT tables without clustering columns
- Fix out-of-space error treatment in memtable flushing
- Backport CASSANDRA-10859
- COPY FROM fails when importing blob
- Backport CASSANDRA-10679
- Don't do defragmentation if reading from repaired sstables
- Fix streaming_socket_timeout_in_ms not enforced
- Avoid dropping message too quickly due to missing unit conversion
- COPY FROM on large datasets: fix progress report and debug performance
- InvalidateKeys should have a weak ref to key cache
- Don't remove FailureDetector history on removeEndpoint
- Only notify if repair status changed
- Add partition key to TombstoneOverwhelmingException error message
- Use logback setting for 'cassandra -v' command
- Fix sstableloader to unthrottle streaming by default
- Fix incorrect warning in 'nodetool status'
- Properly release sstable ref when doing offline scrub
- Improve nodetool status performance for large cluster
- Make it clear what DTCS timestamp_resolution is used for
- Gossiper#isEnabled is not thread safe
- Avoid major compaction mixing repaired and unrepaired sstables in DTCS
- test_bulk_round_trip_blogposts is failing occasionally
- Add a -j parameter to scrub/cleanup/upgradesstables to state how
many threads to use
2.1.13
- Fix isJoined return true only after becoming cluster member
(CASANDRA-11007)
- Fix bad gossip generation seen in long-running clusters
- Avoid NPE when incremental repair fails
- Unmark sstables compacting once they are done in
cleanup/scrub/upgradesstables
- Revert CASSANDRA-10012 and add more logging
- Allow simultaneous bootstrapping with strict consistency when no
vnodes are used
- Log a message when major compaction does not result in a single file
- (cqlsh) fix cqlsh_copy_tests when vnodes are disabled
- (cqlsh) fix formatting bytearray values
- (cqlsh) Add request timeout option to cqlsh
- Avoid AssertionError while submitting hint with LWT
- If CompactionMetadata is not in stats file, use index summary instead
- Retry sending gossip syn multiple times during shadow round
- Fix pending range calculation during moves
- Sane default (200Mbps) for inter-DC streaming througput
- Match cassandra-loader options in COPY FROM
- Fix binding to any address in CqlBulkRecordWriter
- Fix the way we replace sstables after anticompaction
- cqlsh fails to decode utf-8 characters for text typed columns
- Log error when stream session fails
- Fix bugs in commit log archiving startup behavior
- (cqlsh) further optimise COPY FROM
- Allow CREATE TABLE WITH ID
- Make Stress compiles within eclipse
- Cassandra Daemon should print JVM arguments
- Allow cancellation of index summary redistribution
- sstableloader will fail if there are collections in the schema tables
- Disable reloading of GossipingPropertyFileSnitch
- Fix Stress profile parsing on Windows
2.1.12
- Fix incremental repair hang when replica is down
- Avoid writing range tombstones after END_OF_ROW marker
- Optimize the way we check if a token is repaired in anticompaction
- Add proper error handling to stream receiver
- Warn or fail when changing cluster topology live
- Status command in debian/ubuntu init script doesn't work
- Some DROP ... IF EXISTS incorrectly result in exceptions on
non-existing KS
- DeletionTime.compareTo wrong in rare cases
- Force encoding when computing statement ids
- Properly reject counters as map keys
- Fix the sstable-needs-cleanup check
- (cqlsh) Print column names before COPY operation
- Add Native-Transport-Requests back to tpstats
- Make paging logic consistent between searcher impls
- Fix CompressedInputStream for proper cleanup
- (cqlsh) Support counters in COPY commands
- Try next replica if not possible to connect to primary replica on
ColumnFamilyRecordReader
- Limit window size in DTCS
- sstableloader does not use MAX_HEAP_SIZE env parameter
- (cqlsh) Improve COPY TO performance and error handling
- Don't remove level info when running upgradesstables
- Create compression chunk for sending file only
- Make buffered read size configurable
- Forbid compact clustering column type changes in ALTER TABLE
- Reject incremental repair with subrange repair
- Add a nodetool command to refresh size_estimates
- Shutdown compaction in drain to prevent leak
- Invalidate cache after stream receive task is completed
- Reject counter writes in CQLSSTableWriter
- Remove superfluous COUNTER_MUTATION stage mapping
- Improve json2sstable error reporting on nonexistent columns
- (cqlsh) fix COPY using wrong variable name for time_format
- Do not run SizeEstimatesRecorder if a node is not a member of the ring
- Improve handling of dead nodes in gossip
- Fix logback-tools.xml incorrectly configured for outputing to
System.err
- Fix streaming to catch exception so retry not fail
- Add validation method to PerRowSecondaryIndex
- Support encrypted and plain traffic on the same port
- Do STCS in DTCS windows
- Don't try to get ancestors from half-renamed sstables
- Avoid repetition of JVM_OPTS in debian package
- Fix potential NPE from handling result of SIM.highestSelectivityIndex
- Fix paging issues with partitions containing only static columns data
- Fix conditions on static columns
- AssertionError: attempted to delete non-existing file CommitLog
- Merge range tombstones during compaction
- (cqlsh) Distinguish negative and positive infinity in output
- (cqlsh) allow custom time_format for COPY TO
- Don't allow startup if the node's rack has changed
- Fix sorting for queries with an IN condition on partition key columns
Changes:
8.0.0087 channel callback may get job info after it was deleted
8.0.0088 when a test fails in Setup/Teardown problem is not reported
8.0.0089 various problems with GTK 3.22.2
8.0.0090 cursor moved after last character when using 'breakindent'
8.0.0091 test_help_complete sometimes fails in MS-Windows console
8.0.0092 C indent does not support nested namespaces that C++ 17 has
8.0.0093 not using multiprocess build feature
8.0.0094 if vimrun.exe not found error message is not properly encoded
8.0.0095 problems with GTK 3.22.2 fixed in 3.22.4
8.0.0096 when the input or output is not a tty Vim appears to hang
8.0.0097 if channel callback takes a lot of time Vim is unresponsive
8.0.0098 (after 8.0.0097) can't build on MS-Windows
8.0.0099 popup menu appears above the cursor too often
8.0.0100 file name options may contain non-filename characters
8.0.0101 some options are not strictly checked
8.0.0102 (after 8.0.0101) cannot set 'dictionary' to a path
8.0.0103 may not process channel readahead
8.0.0104 value of 'thesaurus' option not checked properly
8.0.0105 can't tell difference between reading empty line or nothing
8.0.0106 (after 8.0.0100) cannot use a semicolon in 'backupext'
8.0.0107 when reading channel output in timer messages may be missing
8.0.0108 (after 8.0.0107) the channel "drop" option is not tested
8.0.0109 still checking if memcmp() exists, should be everywhere now
8.0.0110 drop command doesn't use existing window
8.0.0111 the :history command is not tested
8.0.0112 tests 92 and 93 are old style
8.0.0113 MS-Windows: dialog for saving changes on the wrong monitor
8.0.0114 coding style not optimal
8.0.0115 when building with Cygwin libwinpthread isn't found
8.0.0116 using CTRl-] in English help language from 'helplang' is used
8.0.0117 parallel make fails
8.0.0118 "make proto" adds extra function prototype
8.0.0119 no test for using CTRL-R on the command line
8.0.0120 channel test is still flaky on OS X
8.0.0121 setting 'cursorline' changes the curswant column
8.0.0122 channel test is still flaky on OS X
8.0.0123 modern Sun compilers define "__sun" instead of "sun"
8.0.0124 internal error for assert_inrange(1, 1)
8.0.0125 not enough testing for entering Ex commands
8.0.0126 display problem with 'foldcolumn' and a wide character
8.0.0127 cancelling completion still formats text
8.0.0128 (after 8.0.0126) display test fails on MS-Windows
8.0.0129 parallel make still doesn't work
8.0.0130 configure uses "ushort" while the Vim code doesn't
8.0.0131 not enough test coverage for syntax commands
8.0.0132 (after 8.0.0131) test fails because of using :finish
8.0.0133 "2;'(" causes ml_get errors in an empty buffer
8.0.0134 null pointer access reported by UBsan
8.0.0135 relative address does not work with closed fold
8.0.0136 when changing indent the wrong fold is opened
8.0.0137 when 'maxfuncdepth' set above 200 nesting is limited to 200
8.0.0138 (after 8.0.0137) small build fails
8.0.0139 (after 8.0.0135) warning for unused argument
8.0.0140 pasting inserted text in Visual mode does not work properly
8.0.0141 (after 8.0.0137) nested function test fails on AppVeyor
8.0.0142 normal colors are wrong with 'termguicolors'
8.0.0143 line number of current buffer in getbufinfo() is wrong
8.0.0144 when using MSVC the GvimExt directory is cleaned twice
8.0.0145 running tests on MS-Windows is noisy
8.0.0146 termguicolors uses wrong colors on MS-Windows with ConEmu
8.0.0147 searchpair() fails when 'magic' is off
8.0.0148 wrong indent in C preprocessor with line continuation
8.0.0149 :earlier does not work after reading the undo file
8.0.0150 completion for :filter does not skip the pattern
8.0.0151 passing buffer content to system() is clumsy
8.0.0152 stray channellog created when running tests
8.0.0153 (after 8.0.0151) system() test fails on MS-Windows
8.0.0154 (after 8.0.0151) system() test fails on OS/X
8.0.0155 ubsan complains about NULL pointer
8.0.0156 not enough test coverage for float functions
8.0.0157 no completion for :syntax spell and :syntax sync
8.0.0158 (after 8.0.0156) float function test fails on MS-Windows
8.0.0159 crash on startup when updating tabline
8.0.0160 EMSG() is sometimes used where it should be IEMSG()
8.0.0161 (after 8.0.0159) can't build with small features
Major changes:
New Default Theme - Twenty Seventeen
- It is an ambitious theme designed for business websites that focuses on a
creative home page and an easy site setup experience for users.
* multiple sections on the front page, selected in the Customizer.
* a striking asymmetrical grid.
* custom color schemes, built on top of a monochromatic foundation, and
adjustable via a hue picker.
* different headline placement for pages, changeable in the Customizer, via
them options.
* a great experience in many languages, thanks to language-specific font stacks.
* SVG icons (a first for a default theme).
* support for custom logo, custom header image and many post formats.
* the use of new functions in Core for making child theming easier.
Note: Twenty Seventeen only works on 4.7 and above. It uses the new
video header and starter content features, each launched in 4.7.
REST API Content Endpoints
* API endpoints for WordPress content. WordPress 4.7 comes with REST API
endpoints for posts, comments, terms, users, meta, and settings. Content
endpoints provide machine-readable external access to your WordPress site
with a clear, standards-driven interface, paving the way for new and
innovative methods of interacting with your site.
ChangeLog:
2016/12/25 : 1.6.11
- BUILD: contrib: fix ip6range build on Centos 7
- BUG/MINOR: cli: fix pointer size when reporting data/transport layer name
- BUG/MINOR: cli: dequeue from the proxy when changing a maxconn
- BUG/MINOR: cli: wake up the CLI's task after a timeout update
- BUG/MINOR: freq-ctr: make swrate_add() support larger values
- BUG/MEDIUM: proxy: return "none" and "unknown" for unknown LB algos
- BUG/MAJOR: stream: fix session abort on resource shortage
- BUG/MINOR: http: don't send an extra CRLF after a Set-Cookie in a redirect
- BUG/MEDIUM: variables: some variable name can hide another ones
- BUG/MINOR: cli: be sure to always warn the cli applet when input buffer is full
- MINOR: applet: Count number of (active) applets
- MINOR: task: Rename run_queue and run_queue_cur counters
- BUG/MEDIUM: stream: Save unprocessed events for a stream
- BUG/MAJOR: Fix how the list of entities waiting for a buffer is handled
- BUG/MEDIUM: lua: In some case, the return of sample-fetches is ignored (2)
- BUG/MINOR: stream-int: automatically release SI_FL_WAIT_DATA on SHUTW_NOW
- DOC: lua: section declared twice
- DOC: fix small typo in fe_id (backend instead of frontend)
- BUG/MINOR: lua: memory leak executing tasks
- BUG/MEDIUM: ssl: properly reset the reused_sess during a forced handshake
- BUG/MEDIUM: ssl: avoid double free when releasing bind_confs
- BUG/MINOR: backend: nbsrv() should return 0 if backend is disabled
- BUG/MEDIUM: ssl: for a handshake when server-side SNI changes
- BUG/MINOR: systemd: potential zombie processes
2016/11/20 : 1.6.10
- BUG/MINOR: Fix OSX compilation errors
- BUG/MINOR: displayed PCRE version is running release
- MINOR: show Built with PCRE version
- MINOR: show Running on zlib version
- MINOR: Add fe_req_rate sample fetch
- MEDIUM: make SO_REUSEPORT configurable
- BUG/MINOR: vars: use sess and not s->sess in action_store()
- BUG/MINOR: vars: make smp_fetch_var() more robust against misuses
- BUG/MINOR: vars: smp_fetch_var() doesn't depend on HTTP but on the session
- BUG/MINOR: ssl: Check malloc return code
- BUG/MINOR: ssl: prevent multiple entries for the same certificate
- BUG/MINOR: systemd: make the wrapper return a non-null status code on error
- BUG/MINOR: systemd: always restore signals before execve()
- BUG/MINOR: systemd: check return value of calloc()
- MINOR: systemd: report it when execve() fails
- BUG/MEDIUM: systemd: let the wrapper know that haproxy has completed or failed
- BUILD: protocol: fix some build errors on OpenBSD
- BUILD: log: iovec requires to include sys/uio.h on OpenBSD
- BUILD: tcp: do not include netinet/ip.h for IP_TTL
- BUILD: checks: remove the last strcat and eliminate a warning on OpenBSD
- BUILD: poll: remove unused hap_fd_isset() which causes a warning with clang
- MINOR: cfgparse: few memory leaks fixes.
- MINOR: build: Allow linking to device-atlas library file
- DOC: Fix typo in description of `-st` parameter in man page
- BUG/MEDIUM: peers: on shutdown, wake up the appctx, not the stream
- BUG/MEDIUM: peers: fix use after free in peer_session_create()
- BUG/MEDIUM: systemd-wrapper: return correct exit codes
- BUG/MEDIUM: srv-state: properly restore the DRAIN state
- BUG/MINOR: srv-state: allow to have both CMAINT and FDRAIN flags
- BUG/MEDIUM: servers: properly propagate the maintenance states during startup
- BUG: vars: Fix 'set-var' converter because of a typo
- BUG/MEDIUM: channel: bad unlikely macro
- CLEANUP: lua: move comment
- CLEANUP: lua: control executed twice
- CLEANUP: ssl: Fix bind keywords name in comments
- DOC: ssl: Use correct wording for ca-sign-pass
- BUG/MINOR: stick-table: handle out-of-memory condition gracefully
- BUG/MEDIUM: connection: check the control layer before stopping polling
- BUG/MEDIUM: stick-table: fix regression caused by recent fix for out-of-memory
- CONTRIB: initiate a debugging suite to make debugging easier
- BUG/MINOR: cli: properly decrement ref count on tables during failed dumps
- BUG/MEDIUM: lua: In some case, the return of sample-fetche is ignored
This is a simple wrapper over the kqueue (supported on FreeBSD, NetBSD,
OpenBSD, and Darwin). It uses the FFI gem to avoid having to compile a C
extension.
API documentation is available on rdoc.info:
http://rdoc.info/projects/mat813/rb-kqueue.
# Addressable 2.5.0
- dropping support for Ruby 1.9
- adding support for Ruby 2.4 preview
- add support for public suffixes and tld; first runtime dependency
- hostname escaping should match RFC; underscores in hostnames no longer escaped
- paths beginning with // and missing an authority are now considered invalid
- validation now also takes place after setting a path
- handle backslashes in authority more like a browser for `heuristic_parse`
- unescaped backslashes in host now raise an `InvalidURIError`
- `merge!`, `join!`, `omit!` and `normalize!` don't disable deferred validation
- `heuristic_parse` now trims whitespace before parsing
- host parts longer than 63 bytes will be ignored and not passed to libidn
- normalized values always encoded as UTF-8
hitch-1.4.4 (2016-12-22)
------------------------
- OpenSSL 1.1.0 compatibility fixes. OpenSSL 1.1.0 is now fully
supported with Hitch.
- Fix a bug in the OCSP refresh code that could make it loop with
immediate refreshes flooding an OCSP responder.
- Force the SSL_OP_SINGLE_DH_USE setting. This protects against an
OpenSSL vulnerability where a remote attacker could discover private
DH exponents (CVE-2016-0701).
hitch-1.4.3 (2016-11-14)
------------------------
- OCSP stapling is now enabled by default.
Users should create ocsp-dir (default: /var/lib/hitch/) and make it
writable for the hitch user.
- Build error due to man page generation on FreeBSD (most likely non-Linux)
has been fixed.
hitch-1.4.2 (2016-11-08)
------------------------
- Example configuration file hitch.conf.example has been shortened and
defaults moved into Hitch itself. Default cipher string is now what we
believe to be secure. Users are recommended to use the built-in default
from now on, unless they have special requirements.
- hitch.conf(5) manual has been added.
- Hitch will now send a TLS Close notification during connection teardown.
This fixes an incomplete read with a GnuTLS client when the backend
(thttpd) used EOF to signal end of data, leaving some octets discarded
by gnutls client-side. (Issue 127_)
- Autotools will now detect SO_REUSEPORT availability. (Issue 122_)
- Improved error handling on memory allocation failure.
* Update buildlink3.mk
* Update HOMEPAGE and MASTER_SITES
Changelog:
0.9.11:
Overall changes:
LibVNCServer/LibVNCClient development now uses continous intregration, provided by TravisCI.
LibVNCClient:
Now initializes libgcrypt before use if the application did not do it. Fixes a crash when connection to Mac hosts (#45).
Various fixes that result in more stable handling of malicious or broken servers.
Removed broken and unmaintained H264 decoding.
Some documentation fixes.
Added hooks to WriteToTLS() for optional protection by mutex.
LibVNCServer:
Stability fixes for the WebSocket implementation.
Replaced SHA1 implementation with the one from RFC 6234.
The built-in HTTP server does not allow directory traversals anymore.
The built-in HTTP now sends correct MIME types for CSS and SVG.
Added support for systemd socket activation.
Made it possible to get autoPort behavior with either ipv4 or ipv6 disabled.
Fixed starting of an onHold-client in threaded mode.
0.9.10:
Overall changes:
Moved the whole project from sourceforge to https://libvnc.github.io/.
Cleaned out the autotools build system which now uses autoreconf.
Updated noVNC HTML5 client to latest version.
Split out x11vnc sources into separate repository at https://github.com/LibVNC/x11vnc
Split out vncterm sources into separate repository at https://github.com/LibVNC/vncterm
Split out VisualNaCro sources into separate repository at https://github.com/LibVNC/VisualNaCro
Merged Debian patches.
LibVNCServer/LibVNCClient:
Fixed some security-related buffer overflow cases.
Added compatibility headers to make LibVNCServer/LibVNCClient build on native Windows 8.
Update LZO to version 2.07, fixing CVE-2014-4607.
LibVNCServer:
Merged patches from KDE/krfb.
Can now do IPv6 without IPv4.
Fixed a use-after-free issue in scale.c.
