renamed py-redis-py to py-redis
2.10.5
* Allow URL encoded parameters in Redis URLs. Characters like a "/" can
now be URL encoded and redis-py will correctly decode them.
* Added support for the WAIT command.
* Better shutdown support for the PubSub Worker Thread. It now properly
cleans up the connection, unsubscribes from any channels and patterns
previously subscribed to and consumes any waiting messages on the socket.
* Added the ability to sleep for a brief period in the event of a
WatchError occuring.
* Fixed a bug with pipeline error reporting when dealing with characters
in error messages that could not be encoded to the connection's
character set.
* Fixed a bug in Sentinel connections that would inadvertantly connect
to the master when the connection pool resets.
* Better timeout support in Pubsub get_message.
* Fixed a bug with the HiredisParser that would cause the parser to
get stuck in an endless loop if a specific number of bytes were
delivered from the socket. This fix also increases performance of
parsing large responses from the Redis server.
* Added support for ZREVRANGEBYLEX.
* ConnectionErrors are now raised if Redis refuses a connection due to
the maxclients limit being exceeded.
* max_connections can now be set when instantiating client instances.
Bug fixes:
- added an assertion that VTIMEZONE sub-components' DTSTART must be of type
DATETIME
- Fix handling of VTIMEZONEs with subcomponents with the same DTSTARTs and
OFFSETs but which are of different types
gevent.httplib support was removed in gevent 1.0, geventhttpclient now provides
that missing functionality.
geventhttpclient uses a fast http parser, written in C, originating from nginx,
extracted and modified by Joyent.
geventhttpclient has been specifically designed for high concurrency, streaming
and support HTTP 1.1 persistent connections. More generally it is designed for
efficiently pulling from REST APIs and streaming APIs like Twitter's.
Safe SSL support is provided by default. geventhttpclient depends on the
certifi CA Bundle. This is the same CA Bundle which ships with the Requests
codebase, and is derived from Mozilla Firefox's canonical set.
- Testing on Python 3.5 now uses Python 3.5.3 due to SSL changes. See
:issue:`943`.
- Linux CI has been updated from Ubuntu 12.04 to Ubuntu 14.04 since
the former has reached EOL.
- Linux CI now tests on PyPy2 5.7.1, updated from PyPy2 5.6.0.
- Linux CI now tests on PyPy3 3.5-5.7.1-beta, updated from PyPy3
3.3-5.5-alpha.
- Python 2 sockets are compatible with the ``SOCK_CLOEXEC`` flag found
on Linux. They no longer pass the socket type or protocol to
``getaddrinfo`` when ``connect`` is called. Reported in :issue:`944`
by Bernie Hackett.
- Replace ``optparse`` module with ``argparse``. See :issue:`947`.
- Update to version 1.3.1 of ``tblib`` to fix :issue:`954`,
reported by ml31415.
- Fix the name of the ``type`` parameter to
:func:`gevent.socket.getaddrinfo` to be correct on Python 3. This
would cause callers using keyword arguments to raise a :exc:`TypeError`.
Reported in :issue:`960` by js6626069. Likewise, correct the
argument names for ``fromfd`` and ``socketpair`` on Python 2,
although they cannot be called with keyword arguments under CPython.
.. note:: The ``gethost*`` functions take different argument names
under CPython and PyPy. gevent follows the CPython
convention, although these functions cannot be called with
keyword arguments on CPython.
- The previously-singleton exception objects ``FileObjectClosed`` and
``cancel_wait_ex`` were converted to classes. On Python 3, an
exception object is stateful, including references to its context
and possibly traceback, which could lead to objects remaining alive
longer than intended.
- Make sure that ``python -m gevent.monkey <script>`` runs code in the
global scope, not the scope of the ``main`` function.
Bug Fixes
* Fixed a bug in failing to compute rolling computations of a column-MultiIndexed DataFrame
* Fixed a pytest marker failing downstream packages’ tests suites
Conversion
* Bug in pickle compat prior to the v0.20.x series, when UTC is a timezone in a Series/DataFrame/Index
* Bug in Series construction when passing a Series with dtype='category'.
* Bug in DataFrame.astype() when passing a Series as the dtype kwarg..
Indexing
* Bug in Float64Index causing an empty array instead of None to be returned from .get(np.nan) on a Series whose index did not contain any NaN s
* Bug in MultiIndex.isin causing an error when passing an empty iterable
* Fixed a bug in a slicing DataFrame/Series that have a TimedeltaIndex
I/O
* Bug in read_csv() in which files weren’t opened as binary files by the C engine on Windows, causing EOF characters mid-field, which would fail
* Bug in read_hdf() in which reading a Series saved to an HDF file in ‘fixed’ format fails when an explicit mode='r' argument is supplied
* Bug in DataFrame.to_latex() where bold_rows was wrongly specified to be True by default, whereas in reality row labels remained non-bold whatever parameter provided.
* Fixed an issue with DataFrame.style() where generated element ids were not unique
* Fixed loading a DataFrame with a PeriodIndex, from a format='fixed' HDFStore, in Python 3, that was written in Python 2
Plotting
* Fixed regression that prevented RGB and RGBA tuples from being used as color arguments
* Fixed an issue with DataFrame.plot.scatter() that incorrectly raised a KeyError when categorical data is used for plotting
Reshaping
* PeriodIndex / TimedeltaIndex.join was missing the sort= kwarg
* Bug in joining on a MultiIndex with a category dtype for a level.
* Bug in merge() when merging/joining with multiple categorical columns
Categorical
* Bug in DataFrame.sort_values not respecting the kind parameter with categorical data
From the changelog against 2.2.4:
## New features:
- When appending EXIF data to an exported image, do not fail if reading of EXIF from the original file fails
- Support XYZ as proofing profile
- Clear DerivedFrom from XMP before writing it
- bauhaus: when using soft bounds, keep slider step constant
## Bugfixes:
- Some GCC7 build fixes
- cmstest: fix crash when missing XRandR extension.
- Fix crash in Lua libs when collapsing libs
- Mac packaging: some fixes
- RawSpeed: TiffIFD: avoid double-free
- Fix a few alloc-dealloc mismatches
## Base Support:
- Canon EOS 77D
- Canon EOS 9000D
- Nikon D500 (14bit-uncompressed, 12bit-uncompressed)
- Nikon D5600 (12bit-compressed, 12bit-uncompressed, 14bit-compressed, 14bit-uncompressed)
- Panasonic DC-FZ82 (4:3)
- Panasonic DMC-FZ80 (4:3)
- Panasonic DMC-FZ85 (4:3)
- Panasonic DC-GH5 (4:3)
## White Balance Presets:
- Pentax K-3 II
## Noise Profiles:
- Nikon D500
- Panasonic DMC-FZ300
- Panasonic DMC-LX100
- Pentax K-70
- Sony ILCE-5000
- bump version to 4.24, as the release tarball inexplicably
didn't have the right version in ev.h, even though the cvs-tagged
version did have the right one
4.23:
- move some declarations at the beginning to help certain retarded
microsoft compilers, even though their documentation claims
otherwise
api-change:apigateway: Update apigateway command to latest version
api-change:ec2: Update ec2 command to latest version
api-change:lex-models: Update lex-models command to latest version
api-change:ec2: Update ec2 client to latest version
api-change:apigateway: Update apigateway client to latest version
api-change:lex-models: Update lex-models client to latest version
Encoder enhancements
--------------------
1. Improved grain handling with :option:`--tune` grain option by throttling VBV operations to limit QP jumps.
2. Frame threads are now decided based on number of threads specified in the :option:`--pools`, as opposed to the number of hardware threads available. The mapping was also adjusted to improve quality of the encodes with minimal impact to performance.
3. CSV logging feature (enabled by :option:`--csv`) is now part of the library; it was previously part of the x265 application. Applications that integrate libx265 can now extract frame level statistics for their encodes by exercising this option in the library.
4. Globals that track min and max CU sizes, number of slices, and other parameters have now been moved into instance-specific variables. Consequently, applications that invoke multiple instances of x265 library are no longer restricted to use the same settings for these parameter options across the multiple instances.
5. x265 can now generate a seprate library that exports the HDR10+ parsing API. Other libraries that wish to use this API may do so by linking against this library. Enable ENABLE_HDR10_PLUS in CMake options and build to generate this library.
6. SEA motion search receives a 10% performance boost from AVX2 optimization of its kernels.
7. The CSV log is now more elaborate with additional fields such as PU statistics, average-min-max luma and chroma values, etc. Refer to documentation of :option:`--csv` for details of all fields.
8. x86inc.asm cleaned-up for improved instruction handling.
API changes
-----------
1. New API x265_encoder_ctu_info() introduced to specify suggested partition sizes for various CTUs in a frame. To be used in conjunction with :option:`--ctu-info` to react to the specified partitions appropriately.
2. Rate-control statistics passed through the x265_picture object for an incoming frame are now used by the encoder.
3. Options to scale, reuse, and refine analysis for incoming analysis shared through the x265_analysis_data field in x265_picture for runs that use :option:`--analysis-reuse-mode` load; use options :option:`--scale`, :option:`--refine-mv`, :option:`--refine-inter`, and :option:`--refine-intra` to explore.
4. VBV now has a deterministic mode. Use :option:`--const-vbv` to exercise.
Bug fixes
---------
1. Several fixes for HDR10+ parsing code including incompatibility with user-specific SEI, removal of warnings, linking issues in linux, etc.
2. SEI messages for HDR10 repeated every keyint when HDR options (:option:`--hdr-opt`, :option:`--master-display`) specified.
1.25.2
------
- libmpg123:
-- Extend pow tables for layer III to properly handle files with i-stereo and
5-bit scalefactors. Never observed them for real, just as fuzzed input to
trigger the read overflow. Note: This one goes on record as CVE-2017-11126,
calling remote denial of service. While the accesses are out of bounds for
the pow tables, they still are safely within libmpg123's memory (other
static tables). Just wrong values are used for computation, no actual crash
unless you use something like GCC's AddressSanitizer, nor any information
disclosure.
-- Avoid left-shifts of negative integers in layer I decoding.
1.25.1: Hot Fuzz
-------
- libmpg123:
-- Avoid memset(NULL, 0, 0) to calm down the paranoid.
-- Fix bug 252, invalid read of size 1 in ID3v2 parser due to forgotten
offset from the frame flag bytes (unnoticed in practice for a long
time). Fuzzers are in the house again. This one got CVE-2017-10683.
-- Avoid a mostly harmless conditional jump depending on uninitialised
fr->lay in compute_bpf() (mpg123_position()) when track is not ready yet.
-- Fix undefined shifts on signed long mask in layer3.c (worked in practice,
never right in theory). Code might be a bit faster now, even.
Thanks to Agostino Sarubbo for reporting.
1.25.0: MP3 now patent-free worldwide!
-------
- Silence test for artsc-config if it is not there.
- Make sure -static-libgcc from LDFLAGS gets through libtool,
fixing 32 bit Windows builds (depend on libgcc DLL otherwise).
- Fix build with non-GNU make by using plain rm -f instead of silly $(RM)
in libout123/modules makefile fragment.
- Make build work on iOS, including coreaudio backend.
- libmpg123:
-- Finally provide position-independent code for x86 with assembly
optimisations.The textrels are gone thanks to Won Kyu Park and Taihei Momma.
-- Clarify some license language in files descending from the original MMX
optimisation.
-- Fix return value overflow check for MPG123_BUFFERFILL.
-- Introduced mpg123_getformat2() to enable the FORMAT command
for the generic control not stealing MPG123_NEW_FORMAT from the main
playback loop. The sequence LOADPAUSED-FORMAT-PAUSE (play) is supposed
to work now.
-- Enable aarch64 optimisations on *BSD by default, too. You can always
override that stupid OS whitelist using --with-optimization, anyway.
-- Use of the i486 decoder is now discouraged more prominently, in configure
output.
- out123: Fix stupid crash with verbose mode and tone generation (print
the string if the pointer is non-null, not if it is null).
- libout123: More consistent error messages for dynamic and legacy
(built-in) modules. Namely, you get a hint how if you choose a different
module than the built-in ones for a static libout123.
From 717df38fd8509bf883b70d680c9b1b3cf36732ee Mon Sep 17 00:00:00 2001
From: Bastien Nocera <hadess@hadess.net>
Date: Thu, 6 Jul 2017 20:02:00 +0200
Subject: [PATCH] comics: Remove support for tar and tar-like commands
When handling tar files, or using a command with tar-compatible syntax,
to open comic-book archives, both the archive name (the name of the
comics file) and the filename (the name of a page within the archive)
are quoted to not be interpreted by the shell.
But the filename is completely with the attacker's control and can start
with "--" which leads to tar interpreting it as a command line flag.
This can be exploited by creating a CBT file (a tar archive with the
.cbt suffix) with an embedded file named something like this:
"--checkpoint-action=exec=bash -c 'touch ~/hacked;'.jpg"
CBT files are infinitely rare (CBZ is usually used for DRM-free
commercial releases, CBR for those from more dubious provenance), so
removing support is the easiest way to avoid the bug triggering. All
this code was rewritten in the development release for GNOME 3.26 to not
shell out to any command, closing off this particular attack vector.
This also removes the ability to use libarchive's bsdtar-compatible
binary for CBZ (ZIP), CB7 (7zip), and CBR (RAR) formats. The first two
are already supported by unzip and 7zip respectively. libarchive's RAR
support is limited, so unrar is a requirement anyway.
Discovered by Felix Wilhelm from the Google Security Team.
https://bugzilla.gnome.org/show_bug.cgi?id=784630
Bump PKGREVISION
v0.8.5 2017/07/10
* Improved error message for MissingPluralizationKey error - See #371
* Fixed a thread issue when calling translate when fallbacks were enabled -
See #369
v0.8.6 2017/07/10
* Fixed a small regression introduced in v0.8.5 when using fallbacks - See
#378
Byebug is a simple to use, feature rich debugger for Ruby 2. It uses the new
TracePoint API for execution control and the new Debug Inspector API for call
stack navigation, so it doesn't depend on internal core sources. It's developed
as a C extension, so it's fast. And it has a full test suite so it's reliable.
It allows you to see what is going on _inside_ a Ruby program while it executes
and offers many of the traditional debugging features such as:
* Stepping: Running your program one line at a time.
* Breaking: Pausing the program at some event or specified instruction, to
examine the current state.
* Evaluating: Basic REPL functionality, although [pry] does a better job at
that.
* Tracking: Keeping track of the different values of your variables or the
different lines executed by your program.
