Notable changes:
New blur method for the experimental backends: dual-kawase
Support for rounding the corners of windows
Usability of picom-trans is improved
It's now possible to match against all values of a window property
Fix darkening of window edges when using blur
Some long deprecated options are removed
Fixes CVE-2022-38150 VSV00009
In order to execute an attack, the attacker would have to be able to
influence the HTTP/1 responses that the Varnish Server receives from
its configured backends. A successful attack would cause the Varnish
Server to assert and automatically restart.
This release is a feature release which includes support for
machine-readable formats for a couple more commands, plus the ability
to automatically merge LFS-based text files from the command-line.
Added
prom_api.get_default_chunk_interval()
prom_api.get_metric_chunk_interval(TEXT)
_ps_trace.text_matches()
_ps_trace.tag_v_text_eq_matching_tags()
Fixed
Don't fail metric deletion if some tables or views are missing
Incorrect type coercion when using tag_map with = operator
During upgrade from 0.3.x only alter relations which actually exist
Changed
ps_trace.delete_all_traces() can only be executed when no Promscale
connectors are running
This release includes these noteworthy features:
time_bucket now supports bucketing by month, year and timezone
Improve performance of bulk SELECT and COPY for distributed hypertables
1 step CAgg policy management
Migrate Continuous Aggregates to the new format
Changes since v5.4.0:
wolfSSL Release 5.5.0 (Aug 30, 2022)
Note:
** If not free’ing FP_ECC caches per thread by calling wc_ecc_fp_free there is a
possible memory leak during TLS 1.3 handshakes which use ECC. Users are urged
to confirm they are free’ing FP_ECC caches per thread if enabled to avoid
this issue.
Release 5.5.0 of wolfSSL embedded TLS has bug fixes and new features including:
Vulnerabilities
* [Low] Fault injection attack on RAM via Rowhammer leads to ECDSA key
disclosure. Users doing operations with private ECC keys such as server side
TLS connections and creating ECC signatures, who also have hardware that could
be targeted with a sophisticated Rowhammer attack should update the version of
wolfSSL and compile using the macro WOLFSSL_CHECK_SIG_FAULTS. Thanks to Yarkin
Doroz, Berk Sunar, Koksal Must, Caner Tol, and Kristi Rahman all affiliated
with the Vernam Applied Cryptography and Cybersecurity Lab at Worcester
Polytechnic Institute for the report.
* [Low] In wolfSSL version 5.3.0 if compiled with --enable-session-ticket and
the client has non-empty session cache, with TLS 1.2 there is the possibility
of a man in the middle passing a large session ticket to the client and
causing a crash due to an invalid free. There is also the potential for a
malicious TLS 1.3 server to crash a client in a similar manner except in TLS
1.3 it is not susceptible to a man in the middle attack. Users on the client
side with –enable-session-ticket compiled in and using wolfSSL version 5.3.0
should update their version of wolfSSL. Thanks to Max at Trail of Bits for the
report and "LORIA, INRIA, France" for research on tlspuffin.
* [Low] If using wolfSSL_clear to reset a WOLFSSL object (vs the normal
wolfSSL_free/wolfSSL_new) it can result in runtime issues. This exists with
builds using the wolfSSL compatibility layer (--enable-opnesslextra) and only
when the application is making use of wolfSSL_clear instead of
SSL_free/SSL_new. In the case of a TLS 1.3 resumption, after continuing to use
the WOLFSSH object after having called wolfSSL_clear, an application could
crash. It is suggested that users calling wolfSSL_clear update the version of
wolfSSL used. Thanks to Max at Trail of Bits for the report and "LORIA, INRIA,
France" for research on tlspuffin.
* Potential DoS attack on DTLS 1.2. In the case of receiving a malicious
plaintext handshake message at epoch 0 the connection will enter an error
state reporting a duplicate message. This affects both server and client
side. Users that have DTLS enabled and in use should update their version of
wolfSSL to mitigate the potential for a DoS attack.
New Feature Additions
* QUIC support added, for using wolfSSL with QUIC implementations like ngtcp2
* SE050 port additions and fixes
* Added support for Dilithium post quantum algorithm use with TLS
* Support for RSA-PSS signed certificates
* Support for Infineon AURIX IDE
* Add Zephyr support for nRF5340 with CryptoCell-312
Enhancements
* Expanded ABI support by 50 APIs to include wolfCrypt and Certificates making a
total of 113 ABIs controlled and maintained
* DTLS 1.3 partial support for ConnectionID as described by RFC9146 and RFC9147
* Added support for X509_CRL_print function
* Remove deprecated algorithms in Renesas cs+ project
* Support more build options disable/enable with i.MX CAAM build
* wolfSSL_CTX_set_options and wolfSSL_CTX_get_options functions added to non
compatibility layer builds
* TFM: change inline x86 asm code to compile with clang
* Improvements to error queue and fix for behavior of wolfSSL_ERR_get_error
* scripts/makedistsmall.sh script added for creating a small source/header only
package
* TLS 1.3: restrict extension validity by message, Extensions ServerName,
SupportedGroups and ALPN must not appear in server_hello
* Add liboqs integration to CMake build system
* Adds wolfSSL_PEM_read_RSAPrivateKey() to the OpenSSL compatible API
* Added support for P384 pre-share in bundled example server
* Replace clz assembly instruction in ARM 32 builds when not supported
* Integrate chacha20-poly1305 into the EVP interface
* Additional validation that extensions appear in correct messages
* Allow SAN to be critical with ASN template build
* Support wolfSSL_CTX_set1_curves_list being available when X25519 and/or X448
only defined
* Adds wolfSSL_PEM_read_RSA_PUBKEY() to the OpenSSL compatible API
* Match OpenSSL self signed error return with compatibility layer build
* Added wolfSSL_dtls_create_peer and wolfSSL_dtls_free_peer to help with Python
and Go wrappers for DTLS
Fixes
* DTLS 1.3 asynchronous use case fixes
* Fix handling of counter to support incrementing across all bytes in ARM crypto
asm
* Fixes for ED25519/ED448 private key with public key export (RFC8410)
* Fix for build with NO_TLS macro
* Fix for write dup function to copy over TLS version
* Fix to handle path lengths of 0 when checking certificate CA path lengths
* Fix for CMake not installing sp_int.h for SP math all
* When WOLFSSL_VALIDATE_ECC_IMPORT is defined ECC import validates private key
value is less than order
* PSA crypto fixes
* Fix for not having default pkcs7 signed attributes
* DTLS socket and timeout fixes
* SP int: exptmod ensure base is less than modulus
* Fix for AddPacketInfo with WOLFSSL_CALLBACKS to not pass encrypted TLS 1.3
handshake messages to callbacks
* Fix for sniffer to ensure the session was polled before trying to reprocess it
Changes since 8.2.41:
-- Noteworthy changes in version 8.2.42 (2022-08-28)
* Added support for reproducible builds using the `SOURCE_DATE_EPOCH` environment
variable. See https://reproducible-builds.org/docs/source-date-epoch/ for more
information.
* Extban `$Q` of type acting has been implemented. This extban prevents
matching users from using the `KICK` command.
* Implemented channel mode `Q`. `KICK` cannot be used on channels with that mode set.
* Implemented user mode `Z`. Users with that mode set may only receive private
messages from other users that are connected via TLS.
* Fixed issue where `WHO nick` on invisible clients (user mode i`) wouldn't work
Latest version is 1.12.0, but ruby-redmine50 require before 1.11.
1.9.0 (2022-01-26)
Minor version bump: The number of changes in this release are more than I
would feel comfortable including in a point release. Therefore, I have
bumped the minor version number here. -- @radar What's Changed
* No longer rely on refinements for Hash utility methods. by @casperisfine
in #573
* Fix typo: function is missing closing parenthesis by @patrickgramatowski
in #585
* CI: ruby/setup-ruby with cache by @olleolleolle in #582
* Test on Ruby 3.1 & Rails 7.0x by @radar in #597
* Fix lookups of 0 keys by @movermeyer in #594
* Only deep_symbolize_keys when needed by @paarthmadan in #588
* Symbolize names and freeze values when loading from JSON by @paarthmadan
in #587
* Clean up unneeded test aliases by @paarthmadan in #589
* Resolve Symbols using the original fallback locale by @movermeyer in #591
* Conditionally assert load_json returns symbolized data by @paarthmadan in
#601
* Symbolize keys and freeze values when loading from YAML by @paarthmadan in
#583
* fix ReDoS by @ooooooo-q in #600
* Exclude MissingTranslation options that are not used by the instance by
@sundling in #581
* Remove references to default_locale in fallbacks comment by @movermeyer in
#576
* API for marking a key as reserved by @ghiculescu in #579
* Fix missing requires of i18n/core_ext/hash by @razum2um in #574
* Fix ArgumentError when Fallbacks#map used as in Hash by @bagilevi in #570
New Contributors
* @patrickgramatowski made their first contribution in #585
* @olleolleolle made their first contribution in #582
* @movermeyer made their first contribution in #594
* @paarthmadan made their first contribution in #588
* @ooooooo-q made their first contribution in #600
* @sundling made their first contribution in #581
* @razum2um made their first contribution in #574
1.9.1 (2022-01-28)
What's Changed
* Revert "Fix missing requires of i18n/core_ext/hash" by @radar in #602
* CI: Lint the GitHub Actions YAML by @olleolleolle in #604
1.10.0 (2022-02-14)
What's Changed
New Features
* LazyLoadable Backend by @paarthmadan in #612
* Add a version badge to README by @mishina2228 in #621
Bug fixes
* Remove warning: assigned but unused variable by @mishina2228 in #611
* Minor I18n.normalize_keys improvement by @codealchemy in #616
* Allow overriding of entry resolving entry resolving separate from defaults
by @movermeyer in #622
Other changes
* Remove pry from Gemfile as it is not used by @dvzrv in #608
New Contributors
* @dvzrv made their first contribution in #608
* @mishina2228 made their first contribution in #611
packaging changes:
- require pgsql >= 11, per upstream
- enable address standardizer module
PostGIS 3.3.0
2022/08/26
This version requires PostgreSQL 11 or higher, GEOS 3.6 or higher, and Proj 5.2+.
Additional features are enabled if you are running GEOS 3.9+
ST_MakeValid enhancements with 3.10+, ST_ConcaveHull and several other enhancements with GEOS 3.11+.
Requires SFCGAL 1.4.1+ for ST_AlphaShape and ST_OptimalAlphaShape.
The new --enable-lto flag improves math computations. This new feature is disabled by default
because on some platforms, causes compilation errors (BSD and MingW64 issues have been raised)
Use below to enable it.
./configure --enable-lto flag
* New features *
- #5116, Topology export/import scripts (Sandro Santilli)
- ST_Letters creates geometries that look like letters (Paul Ramsey)
- #5037, postgis_sfcgal: ST_3DConvexHull (Loïc Bartoletti)
- postgis_sfcgal: sfcgal_full_version - reports BOOST and CGAL version
(Loïc Bartoletti)
- GH659, MARC21/XML, ST_GeomFromMARC21, ST_AsMARC21 (Jim Jones)
- #5132, GH683, sfcgal: ST_3DUnion aggregate function (Sergei Shoulbakov)
- #5143, SFCGAL ST_AlphaShape and ST_OptimalAlphaShape
Requires SFCGAL 1.4.1+ (Loïc Bartoletti)
- #5162, ST_TriangulatePolygon with GEOS 3.11+ (Paul Ramsey, Martin Davis)
- #5162, ST_SimplifyPolygonHull with GEOS 3.11+ (Paul Ramsey, Martin Davis)
- #5183, topology.RemoveUnusedPrimitives (Sandro Santilli)
* Breaking changes *
- Drop support for PostgreSQL 9.6 and 10 (Regina Obe)
- Change output for WKT MULTIPOINT. All points now
wrapped in parens. (Even Roualt)
- GH674, geometry validation and fixing is disabled
for ST_DumpAsPolygons and ST_Polygon so it works faster
but might produce invalid polygons. (Aliaksandr Kalenik)
* Enhancements *
- #2861, Add index on topology.node(containing_face) speeding up
splitting and merging of faces (Sandro Santilli)
- #2083, Speed up ST_RemEdge topology functions adding index on
relation(element_id) and edge_data(abs_next*) (Sandro Santilli)
- #5118, Allow dropping topologies with missing topogeometry sequences
(Sandro Santilli)
- #5111, faster topology face MBR computation (Sandro Santilli)
- postgis_extensions_upgrade() support for upgrades from any PostGIS
version, including yet to be released ones (Sandro Santilli)
- #5040, add postgis_sfcgal_full_version (Loïc Bartoletti)
- GH655, GiST: balance the tree splits better in recursive calls (Darafei Praliaskouski)
- GH657, GiST: do not call no-op decompress function (Aliaksandr Kalenik)
- #4939, #5161, ST_LineMerge now has option to keep the directions of input linestrings,
useful when processing road graphs. Requires GEOS 3.11. (Sergei Shoulbakov)
- ST_ConcaveHull GEOS 3.11+ native implementation (Paul Ramsey, Martin Davis)
- ST_ConcaveHull GEOS 3.11+ polygon-respecting native implementation (Paul Ramsey, Martin Davis)
- #4574, GH678, #5121 Enable Link-Time Optimizations using --enable-lto (Sergei Shoulbakov)
- GH676, faster ST_Clip (Aliaksandr Kalenik)
- #5135, Fast GiST index build is enabled by default for PostgreSQL 15+ (Sergei Shoulbakov)
- #4939, #5161, ST_LineMerge now has option to keep the directions of input linestrings,
useful when processing road graphs. Requires GEOS 3.11. (Sergei Shoulbakov)
- #5158, pgtopo_import / pgtopo_export manpages (Sandro Santilli)
- #5170, add a optional max_rows_per_copy to -Y option to raster2pgsql to
control number of rows per copy statement.
Default to 50 when not specified (Regina Obe)
- GH698, support parallel aggregate for ST_Union (Sergei Shoulbakov)
- #5024, Update spatial_ref_sys as part of ALTER EXTENSION update postgis (Paul Ramsey)
* Bug Fixe *
0.35 (released 2nd September 2022)
Diffing
- Difftastic now fixes sliders in more cases, producing better diff results.
Parsing
- Difftastic will now autodetect files in UTF-16-BE and UTF-16-LE.
Previously it required files to be UTF-8.
- Added support for Makefiles.
- Fixed an issue with HCL language detection on .workflow files. Fixed an
issue with Makefile language detection.
Command Line Interface
- Fixed terminal width detection when only stderr is a TTY (e.g. when using
difftastic with git). This was broken in 0.34.
- Added an option --list-languages which reports all the languages supported,
along with the extensions associated with them.
It doesn't appear to solve the problem, I must have had a stale install
directory around when testing. Still none the wiser as to why the krb5 module
isn't being built correctly, but apparently it seems to work for some folks, so
it will have to be left broken on SunOS for a bit.
4.04 (2022-apr-18)
------------------
When closing a file, save the current page number in ~/.xpdf.pages,
and restore it next time the file is opened. This can be disabled
with "savePageNumbers no" in your xpdfrc file.
Allow the tab list to be reordered, using drag-and-drop.
Added a document information dialog, with metadata and fonts, to xpdf.
Pdftohtml now generates HTML links for URI links anchored on text.
Added the useTrueTypeUnicodeMapping xpdfrc setting.
Added the 'enableXFA' xpdfrc setting back: if set to 'no', xpdf will
not read an XFA form, meaning all form info comes from the AcroForm.
Add support for long paths on Windows 10.
Added the "-formfields" option to pdftohtml.
Added the "-embedbackground" and "-embedfonts" options to pdftohtml.
Added the "-vstretch" option to pdftohtml.
Added the "-verbose" flag to pdfimages, pdftohtml, pdftopng, pdftoppm,
pdftops, and pdftotext.
Added the showAttachmentsPane, showLayersPane, and showOutlinePane
commands.
Added the 'openFile2' command to xpdf.
Added the showMenuBar, hideMenuBar, and toggleMenuBar commands to
xpdf.
Rearrange file names in the tab list to "foo.pdf [/full/path/]", to
improve the usability of the (narrow) tab list.
Added the 'imageMaskAntialias' xpdfrc setting.
Added the '-table' switch to pdftohtml.
Fixed a couple of progression order bugs in the JPEG 2000 decoder.
[Thanks to shellway for the bug reports.]
Fixed a problem with subsampled pixel index computations in the JPEG
2000 decoder. [Thanks to shellway for the bug report.]
Fixed a couple of memory leaks triggered by fuzzed PDF files. [Thanks
to shellway for the bug report.]
Changed pdftohtml to generate spans with 'class=' instead of 'id=', so
there aren't duplicate ids. Also removed the unused id in the
background img element.
Optimized SplashOutputDev::drawTilingPattern for the case where the
tile is much larger than the area being drawn (i.e., the clipping
bbox). In this case, we can render just the needed portion of the
tile.
Added a missing zero check for precinct size in the JPEG 2000 decoder.
[Thanks to shellway for the bug report.]
Added a missing null check in the XFA form scanner. [Thanks to Taolaw
for the bug report.]
Deal with xref streams that include a free entry with gen=0xffffffff.
Fixed a problematic corner case in looking up XObject resources.
[Thanks to shellway for the bug report.]
The unicodeRemapping config command wasn't correctly handling unsorted
remapping files.
Improved handling of RTL text in the text extractor.
Extended the saveTabState/loadTabState commands to save/restore
display mode, zoom, rotation, and scroll position for each tab.
Added support for Qt6.
Added a missing bounds check on stream DecodeParms arrays. [Thanks to
minipython for the bug report.]
Fixed an integer overflow check in XRef::readXRefTable. [Thanks to
yangshufan for the bug report.]
The builtin Latin1 encoding was mapping 'endash' instead of
'softhyphen' to 0xad. [Thanks to Jach Fong for the bug report.]
Fixed a bug in PSOutputDev::checkPageSlice() when built without
SPLASH_CMYK. [Thanks to irfanariq for the bug report.]
Added missing array length and type checks in Gfx::doForm(). [Thanks
to shaohua for the bug report.]
Fixed an integer overflow security hole in the JBIG2 decoder.
Substitute Helvetica for undefined fonts and bad font objects.
Added an integer overflow check in JPXStream. (JPXStream issue)
[Thanks to Shin Ando @ Ricera Security for the bug report.]
The DCT (JPEG) decoder was allowing the 'interleaved' flag to be
changed after the first scan of the image. (CVE-2022-24106) [Thanks
to Shin Ando @ Ricera Security for the bug report.]
core:
* Splash: Do not truncate line dash patterns with more than 20 entries. Issue #1281
* Various signature related improvements
* Fix FormField::getFullyQualifiedName in some scenarios
* Splash: Small optimization on dash pattern handling
* JBIG2Stream::readHalftoneRegionSeg: Fix potential memory leak
* Fix crashes on malformed files. Including CVE-2022-38784
* Fix string formatting in error reporting
glib:
* Fix two potential memory leaks in poppler_document_create_dests_tree
utils:
* pdfsig: List signature field names when listing signature information
* pdfsig: Add support for specifying signature by field name
* pdfunite: Fix crashes on malformed files
* pdfunite: Fix potential memory leak of docs
