Changelog:
New in NSS 3.30:
================
* In the PKCS#11 root CA module (nssckbi), CAs with positive trust are
marked with a new boolean attribute, CKA_NSS_MOZILLA_CA_POLICY, set to
true. Applications that need to distinguish them from other other root CAs
may use the exported function PK11_HasAttributeSet.
* Support for callback functions that can be used to monitor SSL/TLS alerts
that are sent or received.
Notable Changes:
================
* The TLS server code has been enhanced to support session tickets when no
RSA certificate is configured.
* RSA-PSS signatures produced by key pairs with a modulus bit length that
is not a multiple of 8 are now supported.
* The pk12util tool now supports importing and exporting data encrypted in
the AES based schemes defined in PKCS#5 v2.1.
Changelog:
NSPR 4.14 contains the following changes:
- a socket without PR_NSPR_IO_LAYER will no longer trigger
an assertion when polling
- the PRNetAddr structure has been extended on Windows
- allow sending a zero size UDP message on Windows
Summary of changes since dhcpcd-6.11.5:
* source file locations reworked:
dhcpcd source is in src
dhcpcd hooks are in hooks
compat is in compat
* README split into README.md and BUILDING.md
* internal routing is now protocol agnostic
* avoid using __packed and use compile time asserts instead
* addresses some alignment issues
* disable some ARP code on kernels which support RFC5227
* BSD IPv6 kernel settings are now updated to reflect dhcpcd config
* custom logger has been removed, syslog handles everything
as such, the --logfile option has been removed as well.
If you need better/earlier logging, get a better syslogger!
* distinfo and signed distinfo files are now available alongside
release taraballs from this point onwards
* default DBDIR has changed from /var/db to /var/db/dhcpcd
* /etc/dhcpcd.duid moves to DBDIR/duid
* /etc/dhcpcd.secret moves to DBDIR/secret
* lease file names have dhcpcd removed from them as they are now
inside a directory of the same name
* fixed issues with reject routes not working on some platforms
* improved nl80211 support on Linux for working out the SSID
* no longer request NTP by default in dhcpcd.conf
* fix detecting IPv6 DAD on OpenBSD
* remove custom Solaris DLPI filtering in favour of BPF
(note there seems to be a kernel issue where the DHCP
fd receives ARP's as well, the only side effect is
a noisy syslog)
* BPF filtering vastly improved so dhcpcd only wake up on
ARP or DHCP packets destined for it
* support for MUD URL (draft-ietf-opsawg-mud-05)
* if the kernel isn't doing DAD, don't insist on waiting for it
to actually do it
* fix a potential crash where the DHCP or ARP states could be
freed before the packet processing loop naturally breaks
* removed gateway and nogateway options
(these can be controlled by the nooption directive which
works for more than just gateways)
* removed ipv6ra_own and ipv6ra_own_default options
(these can be controled by the ipv6rs/noipv6rs directive)
* fix a memory leak on systems where posix_spawnattr_init
allocates memory by calling posix_spawnattr_destroy afterwards
* fix a crash receiving SIGUSR1
dnsdist is a highly DNS-, DoS- and abuse-aware loadbalancer. Its
goal in life is to route traffic to the best server, delivering top
performance to legitimate users while shunting or blocking abusive
traffic.
libdrm 2.4.76 has been released.
This release is required for upcoming Radeon Vega GPUs.
Adam Jackson (1):
configure: Explicitly check for pkg-config at the top level
Alex Xie (3):
amdgpu: Free/uninit vamgr_32 in theoretically correct order
amdgpu: vamgr_32 can be a struct instead of a pointer
amdgpu: vamgr can be a struct instead of a pointer
Chris Wilson (3):
intel: Move is_softpin to obj->kflags
intel: Move 48b support to bo_gem->kflags
intel: Add handle to hashtable before freeing along an error path
Christian König (1):
amdgpu: stop reading CC_RB_BACKEND_DISABLE on Vega10
Emil Velikov (2):
Remove unused tests/drmstat.c
headers: add explicit note against local changes in the README
Eric Engestrom (2):
autogen.sh: don't print old git-config values
autogen.sh: run git commands in the (potentially) git dir
Huang Rui (2):
amdgpu: don't read registers not present on Vega10
tests/amdgpu: fix the count number for vega10
Junwei Zhang (1):
tests/amdgpu: add Polaris12 support for cs test
Leo Liu (3):
tests/amdgpu: add uvd unit test support for vega10
tests/amdgpu: add vce unit test support for vega10
amdgpu_drm: add AMDGPU_HW_IP_UVD_ENC
Marek Olšák (3):
amdgpu: sync amdgpu_drm.h with kernel 4.11-rc2
amdgpu: update amdgpu_drm.h for Vega10
configure.ac: bump version for release
Rob Clark (3):
freedreno: fix potential use-after-free on a5xx+
freedreno: valgrind support
freedreno: fix device close issues
Thomas Hindoe Paaboel Andersen (1):
intel: avoid null pointer dereference
A library was removed; recursive bump will follow soon.
Noteworthy changes in version 1.8.0 (2016-11-16)
------------------------------------------------
* The module of the Python bindings has been renamed to 'gpg'.
* New interface to query current software versions.
* New feature to use gpg's --{show,override}session-key options.
* New interface to set the sender of a mail.
* qt: Added Distinguished Name parser from libkleo
* The --homedir option is now used with recent gpgconf versions.
* On 64 bit Windows systems gpgconf is now properly located.
* The internal locking functions have been replaced by libgpg-error
locking functions.
* Interface changes relative to the 1.7.1 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgme_set_sender NEW.
gpgme_get_sender NEW.
gpgme_op_query_swdb NEW.
gpgme_op_query_swdb_result NEW.
gpgme_query_swdb_result_t NEW.
gpgme_get_ctx_flag NEW.
gpgme_decrypt_result_t EXTENDED: New field session_key.
qt: DN NEW.
qt: DN::Attribute NEW.
qt: Job::context(Job*) NEW.
cpp: EngineInfo::Version::Version(const char*) NEW.
cpp: EngineInfo::Version::Version() NEW.
cpp: SwdbResult NEW.
cpp: Context::setSender(const char*) NEW.
cpp: Context::getSender() NEW.
[c=C28/A17/R0 cpp=C9/A3/R0 qt=C8/A1/R0]
Noteworthy changes in version 1.7.1 (2016-10-18)
------------------------------------------------
* Fixed problems with the new language bindings.
* New helper function gpgme_addrspec_from_uid.
* Use option --exit-on-status-write-error with newer gpg versions.
* qt: Missed API from the Qt Binding inclusion has
been added again.
* qt: abstractimportjob.h is now installed to that
ImportJobs can be used again.
* qt: Fixed spelling error in API (startReceive).
* Interface changes relative to the 1.7.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgme_addrspec_from_uid NEW.
qt: WksPublishJob::startRecieve RENAMED to ::startReceive.
qt: MultiDeleteJob NEW.
qt: AbstractImportJob NEW.
qt: SpecialJob NEW.
cpp: Signature::key(bool, bool) NEW.
cpp: UserID::addrSpecFromString(const char*) NEW.
cpp: UserID::addrSpec() NEW.
[c=C27/A16/R0 cpp=C8/A2/R0 qt=C7/A0/R0]
Noteworthy changes in version 1.7.0 (2016-09-21)
------------------------------------------------
* New language bindings for Python 2 and 3.
* New language Bindings for C++ and the Qt-Framework API.
* New functions gpgme_op_createkey and gpgme_op_createsubkey to make
key creation easier (requires GnuPG 2.1).
* New functions gpgme_op_adduid and gpgme_op_revuid to make user id
management easier (requires GnuPG 2.1).
* New function gpgme_op_keysign to make key signing easier (requires
GnuPG 2.1).
* New function gpgme_op_interact to replace the now deprecated
functions gpgme_op_edit and gpgme_op_card_edit.
* New function gpgme_pubkey_algo_string to convert a public key
algorithm into a GnuPG 2.1 style string.
* Support for GnuPG 2.1's TOFU trust model.
* Notation flags are now correctly set on verify.
* New global flag "require-gnupg" to set a minimal gnupg version.
* More supported items in gpgme_get_dirinfo.
* New function gpgme_data_set_flag and flag "size-hint".
* New function gpgme_set_ctx_flag and flags "full-status" and
"raw-description".
* Improved gpgme_data_identify to distinguish more file types.
* New flag GPGME_ENCRYPT_SYMMETRIC for gpgme_op_encrypt to allow
mixed public key and symmetric encryption.
* New field KEYGRIP in gpgme_subkey_t. New fields FPR in gpgme_key_t.
* New flag GPGME_DATA_ENCODING_MIME to declare that the encrypted or
signed data is a valid MIME part. This is to support future GnuPG
versions.
* Interface changes relative to the 1.6.0 release:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
gpgme_pubkey_algo_string NEW.
GPGME_PK_EDDSA NEW.
gpgme_set_ctx_flag NEW.
gpgme_data_set_flag NEW.
gpgme_op_createkey NEW.
gpgme_op_createkey_start NEW.
gpgme_op_createsubkey NEW.
gpgme_op_createsubkey_start NEW.
gpgme_op_adduid_start NEW.
gpgme_op_adduid NEW.
gpgme_op_revuid_start NEW.
gpgme_op_revuid NEW.
gpgme_op_keysign_start NEW.
gpgme_op_keysign NEW.
gpgme_op_tofu_policy_start NEW.
gpgme_op_tofu_policy NEW.
gpgme_op_interact_start NEW.
gpgme_op_interact NEW.
gpgme_interact_cb_t NEW.
gpgme_op_edit_start DEPRECATED.
gpgme_op_edit DEPRECATED.
gpgme_op_card_edit_start DEPRECATED.
gpgme_op_card_edit DEPRECATED.
gpgme_edit_cb_t DEPRECATED.
gpgme_status_code_t DEPRECATED.
gpgme_genkey_result_t EXTENDED: New fields pubkey and seckey.
gpgme_signature_t EXTENDED: New field key.
gpgme_key_t EXTENDED: New field fpr.
gpgme_subkey_t EXTENDED: New field keygrip.
gpgme_user_id_t EXTENDED: New field tofu.
gpgme_tofu_policy_t NEW.
gpgme_tofu_info_t NEW.
GPGME_STATUS_KEY_CONSIDERED NEW.
GPGME_STATUS_TOFU_USER NEW.
GPGME_STATUS_TOFU_STATS NEW.
GPGME_STATUS_TOFU_STATS_LONG NEW.
GPGME_STATUS_NOTATION_FLAGS NEW.
GPGME_KEYLIST_MODE_WITH_TOFU NEW.
GPGME_DATA_TYPE_PGP_ENCRYPTED NEW.
GPGME_DATA_TYPE_PGP_SIGNATURE NEW.
GPGME_DATA_ENCODING_MIME NEW.
GPGME_ENCRYPT_SYMMETRIC NEW.
GPGME_CREATE_SIGN NEW.
GPGME_CREATE_ENCR NEW.
GPGME_CREATE_CERT NEW.
GPGME_CREATE_AUTH NEW.
GPGME_CREATE_NOPASSWD NEW.
GPGME_CREATE_SELFSIGNED NEW.
GPGME_CREATE_NOSTORE NEW.
GPGME_CREATE_WANTPUB NEW.
GPGME_CREATE_WANTSEC NEW.
GPGME_CREATE_FORCE NEW.
GPGME_KEYSIGN_LOCAL NEW.
GPGME_KEYSIGN_LFSEP NEW.
GPGME_INTERACT_CARD NEW.
This is the fifteenth full release in the stable 9.x series.
Highlights in this release include:
* pdfwrite now preserves annotations from input PDFs (where possible).
* The GhostXPS interpreter now provides the pdfwrite device with the data it requires to emit a ToUnicode CMap: thus allowing fully searchable PDFs to be created from XPS input (in the vast majority of cases).
* Ghostscript now allows the default color space for PDF transparency blends.
* The Ghostscript/GhostPDL configure script now has much better/fuller support for cross compiling.
* The tiffscaled and tiffscaled4 devices can now use ETS (Even Tone Screening)
* The toolbin/pdf_info.ps utility can now emit the PDF XML metadata.
* Ghostscript has a new scan converter available (currently optional, but will become the default in a near future release). It can be enabled by using the command line option: '-dSCANCONVERTERTYPE=2'. This new implementation provides vastly improved performance with large and complex paths.
* The usual round of bug fixes, compatibility changes, and incremental improvements.
Changelog:
* Noteworthy changes in release 3.0 (2017-02-09) [stable]
** Bug fixes
grep without -F no longer goes awry when given two or more patterns
that contain no special characters other than '\' and also contain a
subpattern like '\.' that escapes a character to make it ordinary.
[bug introduced in grep 2.28]
grep no longer fails to build on PCRE versions before 8.20.
[bug introduced in grep 2.28]
* Noteworthy changes in release 2.28 (2017-02-06) [stable]
** Bug fixes
When grep -Fo finds matches of differing length, it could
mistakenly print a shorter one. Now it prints a longest one.
[bug introduced in grep-2.26]
When standard output is /dev/null, grep no longer fails when
standard input is a file in the Linux /proc file system, or when
standard input is a pipe and standard output is in append mode.
[bugs introduced in grep-2.27]
Fix performance regression with multiple patterns, e.g., for -Fi in
a multi-byte locale, or for -Fw in a single-byte locale.
[bugs introduced in grep-2.19, grep-2.22 and grep-2.26]
** Improvements
Improve performance for -E or -G pattern lists that are easily
converted to -F format.
Changelog:
GAS:
Changes in 2.28:
* Add support for the RISC-V architecture.
* Add support for the ARM Cortex-M23 and Cortex-M33 processors.
LD:
Changes in 2.28:
* The EXCLUDE_FILE linker script construct can now be applied outside of the
section list in order for the exclusions to apply over all input sections in
the list.
* Add support for the RISC-V architecture.
* The command line option --no-eh-frame-hdr can now be used in ELF based
linkers to disable the automatic generation of .eh_frame_hdr sections.
* Add --in-implib=<infile> to the ARM linker to enable specifying a set of
Secure Gateway veneers that must exist in the output import library specified
by --out-implib=<outfile> and the address they must have. As such,
--in-implib is only supported in combination with --cmse-implib.
* Extended the --out-implib=<file> option, previously restricted to x86 PE
targets, to any ELF based target. This allows the generation of an import
library for an ELF executable, which can then be used by another application
to link against the executable.
BINUTILS:
Changes in 2.28:
* Add support for locating separate debug info files using the build-id
method, where the separate file has a name based upon the build-id of
the original file.
* This version of binutils fixes a problem with PowerPC VLE 16A and 16D
relocations which were functionally swapped, for example,
R_PPC_VLE_HA16A performed like R_PPC_VLE_HA16D while R_PPC_VLE_HA16D
performed like R_PPC_VLE_HA16A. This could have been fixed by
renumbering relocations, which would keep object files created by an
older version of gas compatible with a newer ld. However, that would
require an ABI update, affecting other assemblers and linkers that
create and process the relocations correctly. It is recommended that
all VLE object files be recompiled, but ld can modify the relocations
if --vle-reloc-fixup is passed to ld. If the new ld command line
option is not used, ld will ld warn on finding relocations inconsistent
with the instructions being relocated.
* The nm program has a new command line option (--with-version-strings)
which will display a symbol's version information, if any, after the
symbol's name.
* The ARC port of objdump now accepts a -M option to specify the extra
instruction class(es) that should be disassembled.
* The --remove-section option for objcopy and strip now accepts section
patterns starting with an exclamation point to indicate a non-matching
section. A non-matching section is removed from the set of sections
matched by an earlier --remove-section pattern.
* The --only-section option for objcopy now accepts section patterns
starting with an exclamation point to indicate a non-matching section.
A non-matching section is removed from the set of sections matched by
an earlier --only-section pattern.
* New --remove-relocations=SECTIONPATTERN option for objcopy and strip.
This option can be used to remove sections containing relocations.
The SECTIONPATTERN is the section to which the relocations apply, not
the relocation section itself.
Changelog:
Fixed:
Use Nirmala UI as fallback font for additional Indic languages (Bug 1342787)
Fix loading tab icons on session restore (Bug 1338009)
Fix a crash on startup on Linux (Bug 1345413)
Fix new installs erroneously not prompting to change the default browser setting (Bug 1343938)
- buffer: The performance of .toJSON() is now up to 2859% faster on
average.
- IPC: Batched writes have been enabled for process IPC on platforms
that support Unix Domain Sockets.
- Performance gains may be up to 40% for some workloads.
- http: Control characters are now always rejected when using
http.request().
- node: Heap statistics now support values larger than 4GB.
=========================
Fixes since v2.12.1
-------------------
* "git status --porcelain" is supposed to give a stable output, but a
few strings were left as translatable by mistake.
* "Dumb http" transport used to misparse a nonsense http-alternates
response, which has been fixed.
* "git diff --quiet" relies on the size field in diff_filespec to be
correctly populated, but diff_populate_filespec() helper function
made an incorrect short-cut when asked only to populate the size
field for paths that need to go through convert_to_git() (e.g. CRLF
conversion).
* There is no need for Python only to give a few messages to the
standard error stream, but we somehow did.
* A leak in a codepath to read from a packed object in (rare) cases
has been plugged.
* "git upload-pack", which is a counter-part of "git fetch", did not
report a request for a ref that was not advertised as invalid.
This is generally not a problem (because "git fetch" will stop
before making such a request), but is the right thing to do.
* A "gc.log" file left by a backgrounded "gc --auto" disables further
automatic gc; it has been taught to run at least once a day (by
default) by ignoring a stale "gc.log" file that is too old.
* "git remote rm X", when a branch has remote X configured as the
value of its branch.*.remote, tried to remove branch.*.remote and
branch.*.merge and failed if either is unset.
* A caller of tempfile API that uses stdio interface to write to
files may ignore errors while writing, which is detected when
tempfile is closed (with a call to ferror()). By that time, the
original errno that may have told us what went wrong is likely to
be long gone and was overwritten by an irrelevant value.
close_tempfile() now resets errno to EIO to make errno at least
predictable.
* "git show-branch" expected there were only very short branch names
in the repository and used a fixed-length buffer to hold them
without checking for overflow.
* The code that parses header fields in the commit object has been
updated for (micro)performance and code hygiene.
* A test that creates a confusing branch whose name is HEAD has been
corrected not to do so.
* "Cc:" on the trailer part does not have to conform to RFC strictly,
unlike in the e-mail header. "git send-email" has been updated to
ignore anything after '>' when picking addresses, to allow non-address
cruft like " # stable 4.4" after the address.
* "git push" had a handful of codepaths that could lead to a deadlock
when unexpected error happened, which has been fixed.
* Code to read submodule.<name>.ignore config did not state the
variable name correctly when giving an error message diagnosing
misconfiguration.
* "git ls-remote" and "git archive --remote" are designed to work
without being in a directory under Git's control. However, recent
updates revealed that we randomly look into a directory called
.git/ without actually doing necessary set-up when working in a
repository. Stop doing so.
* The code to parse the command line "git grep <patterns>... <rev>
[[--] <pathspec>...]" has been cleaned up, and a handful of bugs
have been fixed (e.g. we used to check "--" if it is a rev).
* The code to parse "git -c VAR=VAL cmd" and set configuration
variable for the duration of cmd had two small bugs, which have
been fixed.
This supersedes jc/config-case-cmdline topic that has been discarded.
Also contains various documentation updates and code clean-ups.
libnghttp2
----------
The bug that nghttp2_session_want_write may return 0 if there is pending frames after GOAWAY frame is submitted has been fixed.
build
-----
_U_ macro has been eliminated in favor of old school (void)VAR for better compiler compatibility.
libnghttp2_asio
---------------
The asio client now sends PING frame when it gets idle for 30 seconds.
src
---
Mozilla’s “Modern compatibility” ciphers are used by default.
nghttpx
-------
The bug that -v option does not print out version number has been fixed.
The workaround of getaddrinfo failure with AI_ADDRCONFIG has been applied.
nghttpx now escapes certain characters in access log.
nghttpx now enables backend pattern matching with --http2-proxy option as well.
- performance: The performance of several APIs has been improved.
- Buffer.compare() is up to 35% faster on average.
- buffer.toJSON() is up to 2859% faster on average.
- fs.*statSync() functions are now up to 9.3% faster on average.
- os.loadavg is up to 151% faster.
- process.memoryUsage() is up to 34% faster.
- querystring.unescape() for Buffers is 15% faster on average.
- querystring.stringify() is up to 7.8% faster on average.
- querystring.parse() is up to 21% faster on average.
- IPC: Batched writes have been enabled for process IPC on platforms
that support Unix Domain Sockets.
- Performance gains may be up to 40% for some workloads.
- child_process: spawnSync now returns a null status when child is
terminated by a signal.
- This fixes the behavior to act like spawn() does.
- http:
- Control characters are now always rejected when using
http.request().
- Debug messages have been added for cases when headers contain
invalid values.
- node: Heap statistics now support values larger than 4GB.
- timers: Timer callbacks now always maintain order when interacting
with domain error handling.
