Version 2.3.3
- Bring back old deprecated dependency syntax to ensure compatibility
with older systems
- Drop Python 3.3 support, as scandir no longer supports it.
- Add Python 3.7 support.
2.5.12:
Bugfixes
* Overwriting default font in Normal style affects library default
* Images not added to anchors.
* Cannot read pivot table formats without dxId
* Repeated registration of simple filter could lead to memory leaks
5.7.2
5.7.2 contains a security fix preventing malicious directory names
from being able to execute javascript. CVE request pending.
5.7.1
5.7.1 contains a security fix preventing nbconvert endpoints from executing javascript with access to the server API. CVE request pending.
5.7.0
New features:
- Update to CodeMirror to 5.37, which includes f-string sytax for Python 3.6
- Update jquery-ui to 1.12
- Check Host header to more securely protect localhost deployments from DNS rebinding.
This is a pre-emptive measure, not fixing a known vulnerability
Use .NotebookApp.allow_remote_access and .NotebookApp.local_hostnames to configure
access.
- Allow access-control-allow-headers to be overridden
- Allow configuring max_body_size and max_buffer_size
- Allow configuring get_secure_cookie keyword-args
- Respect nbconvert entrypoints as sources for exporters
- Include translation sources in source distributions
- Various improvements to documentation
Fixing problems:
- Fix breadcrumb link when running with a base url
- Fix possible type error when closing activity stream
- Disable metadata editing for non-editable cells
- Fix some styling and alignment of prompts caused by regressions in 5.6.0.
- Enter causing page reload in shortcuts editor
- Fix uploading to the same file twice
5.4.0:
New Features
- No input flag (--no-input)
- Add alias --to ipynb for notebook exporter
- Add export_from_notebook
- If set, use nb.metadata.authors for LaTeX author line
- Populate language_info metadata when executing
- Support for \mathscr
- Allow the execute preprocessor to make use of an existing kernel
- Refactor ExecutePreprocessor
- Update widgets CDN for ipywidgets 7 w/fallback
- Add support for adding custom exporters to the "Download as" menu.
- Enable ANSI underline and inverse
- Update notebook css to 5.4.0
- Change default for slides to direct to the reveal cdn rather than locally
- Use "title" instead of "name" for metadata to match the notebook format
- Img filename metadata
- Added MathJax compatibility definitions
- Per cell exception
- Simple API for in-memory templates
- Set BIBINPUTS and BSTINPUTS environment variables when making PDF
- If nb.metadata.title is set, default to that for notebook
Deprecations
- Drop support for python 3.3
Fixing Problems
- Fix api break
- Don't remove empty cells by default
- Handle attached images in html converter
- No need to check for the channels already running
- Update font-awesome version for slides
- Properly treat JSON data
- Skip executing empty code cells
- Ppdate log.warn (deprecated) to log.warning
- Cleanup notebook.tex during PDF generation
- Windows unicode error fixed, nosetest added to setup.py
- Better content hiding; template & testing improvements
- Fix Jinja syntax in custom template example.
- Fix for an issue with empty math block
- Add parser for Multiline math for LaTeX blocks
- Use defusedxml to parse potentially untrusted XML
- Fixes for traitlets 4.1 deprecation warnings
Testing, Docs, and Builds
- A couple of typos
- Add python_requires metadata.
- Document --inplace command line flag.
- Fix minor typo in usage.rst
- Add note about local reveal_url_prefix
- Move onlyif_cmds_exist decorator to test-specific utils
- Include LICENSE file in wheels
- Added Ubuntu Linux Instructions
- Check for too recent of pandoc version
- Removing more nose remnants via dependencies.
- Remove offline statement and add some clarifications in slides docs
- Linkify PR number
- Added shebang for python
- Upgrade mistune dependency
- add feature to improve docs by having links to prs
- Update notebook CSS from version 4.3.0 to 5.1.0
- Explicitly exclude or include all files in Manifest.
5.1.0
- Fix message-ordering bug that could result in out-of-order executions,
especially on Windows
- Fix classifiers to indicate dropped Python 2 support
- Remove some dead code
- Support rich-media responses in inspect_requests (tooltips)
5.0.0
- Drop support for Python 2. ipykernel 5.0 requires Python >= 3.4
- Add support for IPython's asynchronous code execution
- Update release process in CONTRIBUTING.md
---------------------------------------------------------------------
--- erts-10.1.3 -----------------------------------------------------
---------------------------------------------------------------------
Note! The erts-10.1.3 application can *not* be applied independently
of other applications on an arbitrary OTP 21 installation.
On a full OTP 21 installation, also the following runtime
dependency has to be satisfied:
-- kernel-6.1 (first satisfied in OTP 21.1)
--- Improvements and New Features ---
OTP-15430 Application(s): erts
Related Id(s): ERIERL-237
Added an optional ./configure flag to compile the
emulator with spectre mitigation:
--with-spectre-mitigation
Note that this requires a recent version of GCC with
support for spectre mitigation and the
--mindirect-branch=thunk flag, such as 8.1.
Full runtime dependencies of erts-10.1.3: kernel-6.1, sasl-3.0.1,
stdlib-3.5
---------------------------------------------------------------------
--- compiler-7.2.7 --------------------------------------------------
---------------------------------------------------------------------
The compiler-7.2.7 application can be applied independently of other
applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15353 Application(s): compiler
Related Id(s): ERL-753
Fixed a bug where incorrect code was generated
following a binary match guard.
Full runtime dependencies of compiler-7.2.7: crypto-3.6, erts-9.0,
hipe-3.12, kernel-4.0, stdlib-2.5
---------------------------------------------------------------------
--- erts-10.1.2 -----------------------------------------------------
---------------------------------------------------------------------
Note! The erts-10.1.2 application can *not* be applied independently
of other applications on an arbitrary OTP 21 installation.
On a full OTP 21 installation, also the following runtime
dependency has to be satisfied:
-- kernel-6.1 (first satisfied in OTP 21.1)
--- Fixed Bugs and Malfunctions ---
OTP-15421 Application(s): erts
Fixed a rare bug where files could be closed on a
normal instead of an IO scheduler, resulting in system
instability if the operation blocked.
Full runtime dependencies of erts-10.1.2: kernel-6.1, sasl-3.0.1,
stdlib-3.5
---------------------------------------------------------------------
--- public_key-1.6.3 ------------------------------------------------
---------------------------------------------------------------------
The public_key-1.6.3 application can be applied independently of
other applications on a full OTP 21 installation.
--- Fixed Bugs and Malfunctions ---
OTP-15367 Application(s): public_key
Add DSA SHA2 oids in public_keys ASN1-spec and
public_key:pkix_sign_types/1
Full runtime dependencies of public_key-1.6.3: asn1-3.0, crypto-3.8,
erts-6.0, kernel-3.0, stdlib-3.5
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
=============================
Release Notes for Samba 4.9.3
November 27, 2018
=============================
This is a security release in order to address the following defects:
o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
Internal DNS server)
o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported))
o CVE-2018-16857 (Bad password count in AD DC not always effective)
=======
Details
=======
o CVE-2018-14629:
All versions of Samba from 4.0.0 onwards are vulnerable to infinite
query recursion caused by CNAME loops. Any dns record can be added via
ldap by an unprivileged user using the ldbadd tool, so this is a
security issue.
o CVE-2018-16841:
When configured to accept smart-card authentication, Samba's KDC will call
talloc_free() twice on the same memory if the principal in a validly signed
certificate does not match the principal in the AS-REQ.
This is only possible after authentication with a trusted certificate.
talloc is robust against further corruption from a double-free with
talloc_free() and directly calls abort(), terminating the KDC process.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16851:
During the processing of an LDAP search before Samba's AD DC returns
the LDAP entries to the client, the entries are cached in a single
memory object with a maximum size of 256MB. When this size is
reached, the Samba process providing the LDAP service will follow the
NULL pointer, terminating the process.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16852:
During the processing of an DNS zone in the DNS management DCE/RPC server,
the internal DNS server or the Samba DLZ plugin for BIND9, if the
DSPROPERTY_ZONE_MASTER_SERVERS property or DSPROPERTY_ZONE_SCAVENGING_SERVERS
property is set, the server will follow a NULL pointer and terminate.
There is no further vulnerability associated with this issue, merely a
denial of service.
o CVE-2018-16853:
A user in a Samba AD domain can crash the KDC when Samba is built in the
non-default MIT Kerberos configuration.
With this advisory we clarify that the MIT Kerberos build of the Samba
AD DC is considered experimental. Therefore the Samba Team will not
issue security patches for this configuration.
o CVE-2018-16857:
AD DC Configurations watching for bad passwords (to restrict brute forcing
of passwords) in a window of more than 3 minutes may not watch for bad
passwords at all.
For more details and workarounds, please refer to the security advisories.
Trying to mix and match pkgsrc and bundled dependencies resulted in conflicts
between libgit and http-parser, such that cargo was unable to fetch indexes
from crates.io with spurious network error regarding Content-Type headers.
While here add a note about why these dependencies are currently disabled.
Bump PKGREVISION.
## Rails 5.1.6.1 (November 27, 2018) ##
* Do not deserialize GlobalID objects that were not generated by Active Job.
Trusting any GlobaID object when deserializing jobs can allow attackers to access
information that should not be accessible to them.
Fix CVE-2018-16476.
*Rafael Mendonça França*
pkgsrc changes:
- Remove lround patches: lround is no longer used
- Remove #ifndef blocks to rip out XShm support. Unfortunately
the logic is much more convoluted now and #ifndef parts of the code
no longer scale.
Please note that this can break support on Interix!
Changes:
1.5.1
*****
Kim Woelders (13):
- Fix build without HAVE_X11_SHM_FD (T6752)
- XPM loader: Fix potential use of uninitialized value (T6746)
- BMP loader: Fix infinite loop with invalid bmp images (T6749)
- PNM loader: Simplify (fixing ASCII format parsing issues T6751)
- BMP loader: Fix warnings found with -O3
- Maximum image dimension should be 32767, not 32766
- PNG loader: Correct various error handling cases
- Add missing const to imlib_apply_filter() script argument
- Warning fixes in imlib2_... programs
- imlib2_view: Limit window dimensions to 32767
- grab.c: Fix gcc8 warning
- imlib2_conv.c: Fix gcc8 warning
- 1.5.1.
1.5.0
*****
Alexander Volkov (3):
- put a check for shared memory inside __imlib_ShmGetXImage()
- introduce __imlib_ShmDestroyXImage() instead of __imlib_ShmDetach()
- Add support for MIT-SHM FD-passing
Kim Woelders (19):
- XPM loader: Fix incorrect image invalidation.
- Make some more functions static.
- Introduce __imlib_LoadImageData()
- Remove redundant CAST_IMAGE()
- imlib2_grab: Always use imlib_create_scaled_image_from_drawable() to grab image
- imlib_create_scaled_image_from_drawable(): speed up 1:1 case
- imlib_create_scaled_image_from_drawable(): Drop shape handling if unshaped
- Indent
- Autofoo cosmetics
- Strip trailing whitespace, cosmetics
- Fix potential OOB memory access if border elements are negative
- Fix potential OOB memory access if border sizes exceed image dimensions
- Introduce IMLIB2_SHM_OPT to enable overriding/testing SHM modes
- Add IMLIB2_XIMAGE_CACHE_COUNT to enable testing the ximage cache
- Refactor the XImage cache
- Add imlib_get_cache_used()
- Expose XImage cache control functions
- Drop -Waggregate-return
- 1.5.0.
## Rails 4.2.11 (November 27, 2018) ##
* Do not deserialize GlobalID objects that were not generated by Active Job.
Trusting any GlobaID object when deserializing jobs can allow attackers to access
information that should not be accessible to them.
Fix CVE-2018-16476.
*Rafael Mendonça França*
