pkgsrc changes:
- Add support for the test suite (this needs gmake as a test tool dependency)
- Fix the shebang of test shell script with REPLACE_BASH and also add a
SUBST to fix a shebang in the middle of scripts (needed in shell script part
of the test suite).
REPLACE_INTERPRETER only adjust the shebang in the first line of the file.
- Add patches/patch-tests_test-lib.sh to just use `date -r' in non-GNU and
non-macOS lands. By default the current date is used and then the test will
definitely fails. While there are no guarantees that the date(1) available on
the system supports `-r' option it is probably better to try using it (indeed
this make all the date tests happy on NetBSD and probably also on FreeBSD and
OpenBSD according a quick skim of their date(1) man pages).
- Also install USAGE.md document (it is referenced by README.md).
Changes:
## [2.11.0] - 2018-03-26
### Added
- Added support for `$XDG_CONFIG_HOME` config file/actions location
- Created [CODE_OF_CONDUCT.md](/CODE_OF_CONDUCT.md) ([#217])
- Created [CHANGELOG.md](/CHANGELOG.md) ([#218])
### Changed
- Updated `add` command to accept lowercase priority ([#230])
- Clean tests and version file in Makefile. Don't ignore errors in tests.
- Updated [README.md](/README.md) ([#219])
- Update Downloads links to point at the Releases page ([#228])
- Set the executable bit when preparing releases ([#156])
### Fixes
- Update links to use https
- Suppress todo.sh error messages when invoked during completion ([#8])
v14.2.0
* :issue:1680 via :pr:1683: HTTP Basic Auth supports :rfc:7617 UTF-8
charset decoding where possible. Uses latin1 as a fallback.
v14.1.0
* :cr-pr:37: Add support for peercreds lookup over UNIX domain socket.
This enables app to automatically identify "who's on the other
end of the wire".
This is how you enable it::
server.peercreds: True
server.peercreds_resolve: True
The first option will put remote numeric data to WSGI env vars:
app's PID, user's id and group.
Second option will resolve that into user and group names.
To prevent expensive syscalls, data is cached on per connection
basis.
v6.2.4
- Fix missing resolve_peer_creds argument in
:py:class:cheroot.wsgi.Server being bypassed into
:py:class:cheroot.server.HTTPServer.
- :pr:85: Revert conditional dependencies. System packagers should
honor the dependencies as declared by cheroot, which are defined
intentionally.
If PKG_DBDIR is /foo and a path like /foobar is given, it is not below
PKG_DBDIR, so don't translate it into a package name look up. The old
logic for giving a path to PKG_DBDIR remains for legacy compat.
- Added support for SQLite's new ON CONFLICT clause, which is modelled
on the syntax used by Postgresql and will be available in SQLite
3.24.0 and onward.
- Added better support for using common table expressions and a
cleaner way of implementing recursive CTEs, both of which are also
tested with integration tests (as opposed to just checking the
generated SQL).
- Modernized the CI environment to utilize the latest MariaDB
features, so we can test window functions and CTEs with MySQL (when
available).
- Reorganized and unified the feature-flags in the test suite.
This major update includes:
* a new key 'decade' for \gantttitlecalendar
* a new key 'time slot unit' for using one day, month or year per time
slot; this key replaces 'compress calendar' % a new macro \ganttvrule
for drawing arbitrary vertical rules (similar to the today rule), as
well as associated keys 'vrule', 'vrule offset', 'vrule label font',
and 'vrule label text' % a new key 'expand chart', which specifies that
a chart should expand horizontally to a given dimension % a new key
'title label text', which allows fine-tuning of title label formatting
% compatibility with the amsgen package
The package allows the user to manually markup changes of text,
such as additions, deletions, or replacements. Changed text is
shown in a different colour; deleted text is crossed out. The
package allows definition of additional authors and their
associated colour. It also allows you to define a markup for
authors or annotations. A bash script is provided for removing
the changes.
1.7.3:
Bugs fixed
* autodoc loses the first staticmethod parameter
* autosummary: too wide two column tables in PDF builds
* Latex customization via _templates/longtable.tex_t is broken
* imgconverter: confused by convert.exe of Windows
* On windows, Sphinx crashed when drives of srcdir and outdir are different
* autodoc ignores type annotated variables
* wrong URLs on warning messages
* latex: latex_show_urls assigns incorrect footnote numbers if hyperlinks exists inside substitutions
* latex with class memoir Error: Font command \sf is not supported
* latex: too slow in proportion to number of auto numbered footnotes
* htmlhelp: The entries in .hhp file is not ordered
* toctree directive tries to glob for URL having query_string
* html search: Upper characters problem in German
* latex: Compilation for German docs failed with LuaLaTeX and XeLaTeX
* duplicated labels detector does not work well in parallel build
* Crashed with extension which returns invalid metadata
2.12.0:
Incompatible changes
The deprecated CLI options "-tdf", "-no-kvm-pit" and "-drive boot=on|off" have been removed (they only emitted a warning since QEMU 1.3.0).
The deprecated CLI option "-net channel" has been removed. You can use "-netdev user,guestfwd=..." instead.
The deprecated CLI option "-hdachs" has been removed. You can specify the disk geometry e.g. via -device ide-hd,cyls=c,heads=h,secs=s instead.
The deprecated way of configuring SCSI devices with "-drive if=scsi" on x86 has been removed. Use an appropriate SCSI controller together "-device scsi-hd" or "-device scsi-cd" and a corresponding "-blockdev" parameter instead.
The deprecated way of configuring a "host", "serial", "disk" or "net" USB device with "-usbdevice" has been removed. Use "-device usb-..." instead.
The deprecated HMP commands "usb_add" and "usb_del" have been removed. Use "device_add" and "device_del" as replacement instead.
The deprecated HMP commands "host_net_add" and "host_net_remove" have been removed. Use "netdev_add" and "netdev_remove" instead.
The deprecated way of dumping network traffic with "-net dump" has been removed. Use "-object filter-dump" instead.
The deprecated "spapr-pci-vfio-host-bridge" device has been removed (from qemu-system-ppc64). It is not needed for vfio since QEMU v2.6.0 anymore.
Deprecated options and features
qemu-system-ppcemb is deprecated. Use qemu-system-ppc instead.
The parameters "serial", "trans", "secs", "heads", "cyls" and "addr" of the "-drive" option are now deprecated. Use the corresponding options of "-device" instead.
The "-nodefconfig" option is now deprecated. Use "-no-user-config" instead.
The "-s390-squash-mcss" parameter for the s390-ccw-virtio machine is now deprecated. It has been made obsolete by allowing to put any device into any channel subsystem image (unrestricted cssids).
The parameter "handle" of the "-fsdev" and "-virtfs" options is now depecrated. Use "local" instead.
The qmp command "query-cpus" is now deprecated. Use the new "query-cpus-fast" qmp command instead, which does not interrupt all running vCPUs. (However, there is a known bug that in 2.12, the "query-cpus-fast" command reports bogus architecture information for all architectures except "x86" and "s390".)
While "-net" is not deprecated yet, you are encouraged to use the new option "-nic" instead of "-net", as it provides a simpler and better interface ("-nic user" replaces the old "-net nic -net user").
The "-no-frame" parameter is now deprecated and will be removed together with SDL 1.2 in a future release.
The "-balloon" parameter is deprecated, use "-device virtio-balloon" instead.
The "-rtc-td-hack", "-localtime" and "-startdate" parameters are deprecated. You can use the "-rtc" parameter instead.
The "handle" backend for 9pfs is deprecated.
Consult the "Deprecated Features" appendix for the full list of historically deprecated features/options.
Future incompatible changes
Three options are using different names on the command line and in configuration file. In particular:
The "acpi" configuration file section matches command-line option "acpitable";
The "boot-opts" configuration file section matches command-line option "boot";
The "smp-opts" configuration file section matches command-line option "smp".
-readconfig will standardize on the name for the command line option.
Behavior of automatic calculation of SMP topology when some SMP topology options for -smp are omitted (sockets, cores, threads) will change in the future. If guest ABI needs to be preserved on upgrades while using the SMP topology options, users should either set set all options explicitly (sockets, cores, threads), or omit all of them.
Devices "allwinner-a10", "pc87312", "ssi-sd" will be configured with explicit properties instead of implicitly. This is unlikely to affect users.
For x86, specifying a CPUID feature with both "+feature/-feature" and "feature=on/off" will cause a warning. The current behavior for this combination ("+feature/-feature" wins over "feature=on/off") will be changed so that "+feature" and "-feature" will be synonyms for "feature=on" and "feature=off" respectively).
The read-only block drivers "bochs", "cloop" and "dmg" as well as "rbd" and "vvfat" in certain read-only configurations will no longer enable read-only mode automatically. It will be necessary to specify "read-only=on" explicitly on the command line and in QMP commands for the setup to keep working; the default "read-only=off" setting will result in an error.
On s390x, using KVM with a Linux host kernel version < 3.15 has been broken since QEMU version 2.10. This will not be fixed unless a need is communicated (otherwise the code will be removed in the near future, so that you need at least Linux kernel version 3.15 on the host to run KVM on System z)
10.0.1:
Features
Switch the default repository to the new "PyPI 2.0" running at https://pypi.org/.
Bug Fixes
Fix a bug that made get-pip.py unusable on Windows without renaming.
Fix a TypeError when loading the cache on older versions of Python 2.7.
Fix and improve error message when EnvironmentError occurs during installation.
A crash when reinstalling from VCS requirements has been fixed.
Fix PEP 518 support when pip is installed in the user site.
Vendored Libraries
Upgrade distlib to 0.2.7
Pytest 3.5.1:
Bug Fixes
Reset sys.last_type, sys.last_value and sys.last_traceback before each test executes. Those attributes are added by pytest during the test run to aid debugging, but were never reset so they would create a leaking reference to the last failing test’s frame which in turn could never be reclaimed by the garbage collector.
pytest.raises now raises TypeError when receiving an unknown keyword argument.
pytest.raises now works with exception classes that look like iterables.
Improved Documentation
Fix typo in caplog fixture documentation, which incorrectly identified certain attributes as methods.
Trivial/Internal Changes
Added a more indicative error message when parametrizing a function whose argument takes a default value.
Remove internal _pytest.terminal.flatten function in favor of more_itertools.collapse.
Import some modules from collections.abc instead of collections as the former modules trigger DeprecationWarning in Python 3.7.
record_property is no longer experimental, removing the warnings was forgotten.
Mention in documentation and CLI help that fixtures with leading _ are printed by pytest --fixtures only if the -v option is added.
Version 3.0.3:
--------------
* VTODO COMPLETED property can be a DATE-TIME or DATE (for backward compatibility)
* Improved recurrence iteration
Version 3.0.2:
--------------
* No longer attempt to detect the need for -DUSE_32BIT_TIME_T with MSVC
* New CMake option ICAL_BUILD_DOCS which can be used to disable the docs target
* Fix threading hang in BSD type systems (OpenBSD, MacOS,...)
* Build with Ninja improvements
Version 3.0.1:
--------------
* Built-in timezones updated to tzdata2017c
* Fix a multi-threaded deadlock in icaltimezone_load_builtin_timezone()
* Fix a CMake problem with parallel builds
Version 3.0.0:
--------------
* Relicense from MPL 1.0 to MPL 2.0 (keep dual license for LGPL v2.1)
* Requires CMake v3.1.0 or higher along with various CMake and buildsystem fixes
* Added a 'make uninstall'
* Fixed use-after-free issues and some memory leaks
* Built-in timezones updated to tzdata2017b
* More accurate VTIMEZONE generation when using the system time zone data (when
USE_BUILTIN_TZDATA=False)
* icalvalue_as_ical_string() returns "TRUE" (non-zero) or "FALSE" (zero) values only.
* New icalvalue.h convenience macros: ICAL_BOOLEAN_TRUE and ICAL_BOOLEAN_FALSE
* Better value type checking of property values when parsing
* icalvalue_new/set_date and icalvalue_new/set_datetime now enforce DATE and DATE-TIME
values respectively
* draft-ietf-calext-extensions (RFC 7986) support added
* Parameter values are now en/decoded per RFC 6868
* Removed is_utc from icaltimetype struct
* Set icaltimetype.zone to icaltimezone_get_utc_timezone() to change a time to UTC
* Use icaltime_is_utc() to check if a time is in UTC
* Added support for VPATCH component
* New publicly available functions:
+ icalproperty_set_parent (icalproperty_get_parent was already public)
+ icalvalue_get_parent (icalvalue_set_parent was already public)
+ icalparameter_set_parent
+ icalparameter_get_parent
+ icalvalue_new_datetimedate (DATE or DATE-TIME)
+ icalvalue_set_datetimedate
+ icalvalue_get_datetimedate
+ icalrecur_iterator_set_start
+ icalcomponent_normalize()
+ icalproperty_normalize()
* Removed deprecated functions:
+ icaltime_from_timet (use icaltime_from_timet_with_zone)
+ icaltime_start_day_of_week (use icaltime_start_day_week)
+ icalproperty_remove_parameter (use icalproperty_remove_parameter_by_kind)
+ icalproperty_string_to_enum (use icalproperty_kind_and_string_to_enum)
* Signature changed for functions:
+ VObject *Parse_MIME_FromFileName(const char *fname)
+ icalgauge *icalgauge_new_from_sql(const char *sql, int expand)
+ const char *icallangbind_property_eval_string(icalproperty *prop, const char *sep)
+ const char *icallangbind_property_eval_string_r(icalproperty *prop, const char *sep)
+ void set_zone_directory(const char *path)
+ icalcalendar *icalcalendar_new(const char *dir)
+ int icalrecur_expand_recurrence(const char *rule, time_t start, int count, time_t *array)
Version 2.0.0:
--------------
* WARNING: Version 2 IS NOT Binary Compatible with Older Versions
* Version 2 is Source Compatible with Older Versions
* Lots of source code scrubbing
* [New] RSCALE support (requires libicu from http://www.icu-project.org)
* [New] CalDAV attachment support (draft-ietf-calext-caldav-attachments)
* [New] Resurrect the Berkeley DB storage support
* [Bug] issue83: Incorrect recurrence generation for weekly pattern
* Handle RRULEs better
* Handle threading better
5.3:
Iterating a Countries object now returns named tuples. This makes things nicer when using {% get_countries %} or using the country list elsewhere in your code.
- Added ValuesList for representing values lists.
- DateTimeField, DateField and TimeField will parse formatted-string
before sending to the database. Previously this only occurred when
reading values from the database.
Contao 4.5.7 (2018-04-04)
Contao version 4.5.7 is available. The bugfix release fixes a few minor
issues including a problem with validating the request token and a problem
with rendering custom layout sections.
Contao 4.5.8 (2018-04-18)
Contao version 4.5.8 is available. The bugfix release fixes an XSS
vulnerability in the system log of the back end (CVE-2018-10125).
CVE-2018-10125
With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log. The attacker themselves
does not have to be logged in.
The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.
Contao 4.4.17 (2018-04-04)
Contao version 4.4.17 is available. The bugfix release fixes a few minor
issues including a problem with rendering custom layout sections.
Contao 4.4.18 (2018-04-18)
Contao version 4.4.18 is available. The bugfix release fixes an XSS
vulnerability in the system log of the back end (CVE-2018-10125).
CVE-2018-10125
With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log. The attacker themselves
does not have to be logged in.
The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.
Version 3.5.35 (2018-04-18)
---------------------------
### Fixed
Fix an XSS vulnerability in the system log (see CVE-2018-10125).
CVE-2018-10125
With a manipulated request, an attacker can implant a script which is executed
when a logged in back end user opens the system log. The attacker themselves
does not have to be logged in.
The problem affects Contao 3.0.0 to 3.5.34, 4.0.0 to 4.4.17 and 4.5.0 to
4.5.7. We highly recommend you to update.
This is a security update to the stable version 1.2. It fixes a recently
reported vulnerability allowing IMAP command injection via a GET parameters.
More details about this are published under CVE-2018-9846.
The second fix is about a missed remote content blocking on HTML messages with
specially crafted image and style tags.
We strongly recommend to update all productive installations of Roundcube
1.2.x. Please do backup your data before updating!
CHANGELOG
* Fix check_request() bypass in places using get_uids() [CVE-2018-9846]
(#6238)
* Fix possible IMAP command injection vulnerability [CVE-2018-9846] (#6229)
* Fix security issue in remote content blocking on HTML image and style tags
(#6178)
Upstream changes:
1.19 2018-04-21
- Fix handling of a locale (nds) that does not provide a native name for its
own locale code. This is a bug in CLDR, but since it exists we should handle
it sanely.
- If you attempted to thaw a DateTime::Locale::FromData object in a process
that had not loaded DateTime::Locale this would fail. Reported by Gregor
Herrmann. GH #18.
