Take maintainership.
Changelog from AN-2020-07-01:
- Bourne Shell: A command like
bosh -c 'var=$({ echo value >&3; } 3>&1); echo $var'
Did not print "value" as expected, but rather bosh: 3: bad file number
This is related to the fact that curly brackets do not have an
own binary node type in the parsed output and the recursive parser
from the $(cmd) execution needs to reconstruct the text form
of a command tree. As a result, the command has been translated
into:
bosh -c 'var=$( echo value >&3 3>&1); echo $var'
and this caused the observed problem.
Note that this basic problem may not be finally fixed, so please
report in case that other commands with curly brackets together
with $(cmd) cause problems.
Thanks to Koichi Nakashima for reporting.
Take maintainership.
Changelog from AN-2020-07-01:
- Bourne Shell: A command like
bosh -c 'var=$({ echo value >&3; } 3>&1); echo $var'
Did not print "value" as expected, but rather bosh: 3: bad file number
This is related to the fact that curly brackets do not have an
own binary node type in the parsed output and the recursive parser
from the $(cmd) execution needs to reconstruct the text form
of a command tree. As a result, the command has been translated
into:
bosh -c 'var=$( echo value >&3 3>&1); echo $var'
and this caused the observed problem.
Note that this basic problem may not be finally fixed, so please
report in case that other commands with curly brackets together
with $(cmd) cause problems.
Thanks to Koichi Nakashima for reporting.
- Bourne Shell: Added a unit test for the bug above.
Changelog from AN-2020-07-01:
- star: Backslashes are now honored when looking for the substitution
separators in options like -s /from/to/ or -pax-s /from/to/
Previously, -s '/xxx\/yy//' was interpreted in a way that made
the **to string** "yy" and the **from string** "xxx\" instead of
making the from string "xxx\/yy" and the to string empty.
pkglint 20.2.0 (and a bit earlier) does not insist on entries
for directories any longer that do not contain complete packages.
Remove them.
While here, fix security/Makefile that had two missing entries.
Update clamav to 0.102.4.
## 0.102.4
ClamAV 0.102.4 is a bug patch release to address the following issues.
- [CVE-2020-3350](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350):
Fix a vulnerability wherein a malicious user could replace a scan target's
directory with a symlink to another path to trick clamscan, clamdscan, or
clamonacc into removing or moving a different file (eg. a critical system
file). The issue would affect users that use the --move or --remove options
for clamscan, clamdscan, and clamonacc.
For more information about AV quarantine attacks using links, see the
[RACK911 Lab's report](https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software).
- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.3 that
could cause a Denial-of-Service (DoS) condition. Improper bounds checking
results in an out-of-bounds read which could cause a crash.
The previous fix for this CVE in 0.102.3 was incomplete. This fix correctly
resolves the issue.
- [CVE-2020-3481](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481):
Fix a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3
could cause a Denial-of-Service (DoS) condition. Improper error handling
may result in a crash due to a NULL pointer dereference.
This vulnerability is mitigated for those using the official ClamAV
signature databases because the file type signatures in daily.cvd
will not enable the EGG archive parser in versions affected by the
vulnerability.
1.10.9
* Fixed Bitbucket redirect loop when credentials are outdated
* Fixed GitLab auth prompt wording
* Fixed self-update handling of files requiring admin permissions to write to on Windows (it now does a UAC prompt)
* Fixed parsing issues in funding.yml files
1.10.8
* Fixed compatibility issue with git being configured to show signatures by default
* Fixed discarding of local changes when updating packages to include untracked files
* Several minor fixes
Spleen 1.8.1 (2020-07-16)
- Center tilde vertically for all sizes, as modern fonts do
- Add black triangles in the 25E2-25E5 range
- Add single angle quotation mark characters
- Add white and black circle characters
- Add inverse bullet and inverse white circle characters
- Add 'A', 'a', 'O', 'o', 'U', 'u' characters with caron
- Add 'I', 'i', 'G', 'g', 'j' characters with caron
- Add 'H', 'h', 'K', 'k', characters with caron
- Add 'E' and 'e' characters with cedilla
- Add 'A', 'a', 'E', 'e', 'I', 'i', 'O', 'o', 'R', 'r', 'U', 'u' with
double grave
- Add "almost equal to" character
- Add 'G' and 'g' characters with acute accent
- Add 'O' and 'o' characters with stroke and acute
- Add double vertical bar and double exclamation mark characters
- Add stand alone breve, dot above, ogonek, small tilde, and double
acute accent
Changes:
2.0
---
* Dropped Python 2 support.
* miniircd now requires Python 3.6+.
* Channel log files are now named after the lowercase version of the channel
name for consistency.
* Fixed creation of PID file when using Python 3.
* Made sure to remove the PID file on daemon exit.
* Fixed creation of PID file with a relative path.
* Fixed a bug when using non-ASCII characters in Python 3 mode.
5.7.2
=====
Bug fixes
- wheels for 2.7 were inadvertently deleted.
5.7.1
=====
Enhancements
- 1729_: parallel tests on UNIX (make test-parallel). They're twice as fast!
- 1741_: "make build/install" is now run in parallel and it's about 15% faster
on UNIX.
- 1747_: `Process.wait()` on POSIX returns an enum, showing the negative signal
which was used to terminate the process::
>>> import psutil
>>> p = psutil.Process(9891)
>>> p.terminate()
>>> p.wait()
<Negsignal.SIGTERM: -15>
- 1747_: `Process.wait()` return value is cached so that the exit code can be
retrieved on then next call.
- 1747_: Process provides more info about the process on str() and repr()
(status and exit code)::
>>> proc
psutil.Process(pid=12739, name='python3', status='terminated',
exitcode=<Negsigs.SIGTERM: -15>, started='15:08:20')
- 1757_: memory leak tests are now stable.
- 1768_: [Windows] added support for Windows Nano Server.
Bug fixes
- 1726_: [Linux] cpu_freq() parsing should use spaces instead of tabs on ia64.
- 1760_: [Linux] Process.rlimit() does not handle long long type properly.
- 1766_: [macOS] NoSuchProcess may be raised instead of ZombieProcess.
- 1781_: fix signature of callback function for getloadavg().
Changes in version 2.36
=======================
* New API
* Added ATK_ROLE_MARK and ATK_ROLE_SUGGESTION
* Add ATK_TEX_ATTR_TEXT_POSITION to the list of possible AtkText
attributes
* Documentation
* Updated documentation for atk_text_set_caret_offset
* Building - meson
* Fix building atk as subproject
* Add Meson wrap file for GLib
* Building - visual studio
* Use -utf-8 if available
Changes in version 2.35.1
=========================
* AtkComponent, AtkImage, AtkText: Make sure returned values are
initialized to some known default value
* AtkPlug
* Add atk_plug_set_child
* AtkSocket
* Make AtkSocket get_extents return parent extents by default
* atk_socket_embed: make plug_id parameter const
* Make AtkSocketClass (embed) use const for plug_id
* AtkText
* Make atk_text_rectangle_union ignore undefined rectangles
* Documentation
* Refine *_scroll_to_point documentation
* Refine AtkScrollType documentation
CHANGES IN R 4.0.0:
SIGNIFICANT USER-VISIBLE CHANGES:
* Packages need to be (re-)installed under this version (4.0.0) of
R.
* matrix objects now also inherit from class "array", so e.g.,
class(diag(1)) is c("matrix", "array"). This invalidates code
incorrectly assuming that class(matrix_obj)) has length one.
S3 methods for class "array" are now dispatched for matrix
objects.
* There is a new syntax for specifying _raw_ character constants
similar to the one used in C++: r"(...)" with ... any character
sequence not containing the sequence )". This makes it easier to
write strings that contain backslashes or both single and double
quotes. For more details see ?Quotes.
* R now uses a stringsAsFactors = FALSE default, and hence by
default no longer converts strings to factors in calls to
data.frame() and read.table().
A large number of packages relied on the previous behaviour and
so have needed/will need updating.
* The plot() S3 generic function is now in package base rather than
package graphics, as it is reasonable to have methods that do not
use the graphics package. The generic is currently re-exported
from the graphics namespace to allow packages importing it from
there to continue working, but this may change in future.
Packages which define S4 generics for plot() should be
re-installed and package code using such generics from other
packages needs to ensure that they are imported rather than rely
on their being looked for on the search path (as in a namespace,
the base namespace has precedence over the search path).
See ${PREFIX}/lib/R/doc/NEWS for full changes.
