Version 23.0.0 "The Bride Said No":
New features and enhancements
* mkvmerge: input: format detection uses file-extension to improve performance
and to give preference when several formats match.
* mkvmerge: AV1: added support for reading AV1 video from Open Bitstream Unit
files.
* mkvmerge: AV1: adjusted the code for the AV1 bitstream format changes made
up to 2018-05-02.
* mkvmerge: MP4 reader: if a track has an edit list with two identical
entries, each spanning the file's duration as given in the movie header
atom, then the second entry will now be ignored. Improves the handling of
files with bogus data.
* MKVToolNix GUI: multiplexer: added options to only enable tracks of certain
types by default.
* MKVToolNix GUI: multiplexer: added an option to enable dialog normalization
gain removal by default for all audio tracks for which the operation is
supported.
* MKVToolNix GUI: multiplexer: when deriving track languages from the file
names is active and the file name contains the usual season/episode pattern
(e.g. "S02E14"), then only the part after the season/episode pattern will be
used for detecting the language.
* MKVToolNix GUI: multiplexer: the regular expression used for deriving track
languages from the file names can now be customized in the preferences.
* MKVToolNix GUI: multiplexer: the user can now customize the list of track
languages the GUI recognizes in file names. This list defaults to a handful
of common languages instead of the full list of supported languages.
As far as I can see, only non-security-relevant bugfixes.
go1.10.2 (released 2018/05/01) includes fixes to the compiler, linker, and go
command. See the Go 1.10.2 milestone on our issue tracker for details.
- Fix the build with OpenSSL 1.1.0 backporting a patch from upstream.
- Minor mostly cosmetic changes (pointed out by pkglint)
- Take MAINTAINERship
Bump PKGREVISION
CHANGES BETWEEN 2.9 and 2.9.1
I. IMPORTANT BUG FIXES
- Type 1 fonts containing flex features were not rendered
correctly (bug introduced in version 2.9).
- CVE-2018-6942: Older FreeType versions can crash with certain
malformed variation fonts.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6942
II. MISCELLANEOUS
- Bug fix: Multiple calls to `FT_Get_MM_Var' returned garbage.
- The base extensions `ftlcdfil' and `ftfntfmt' are now part of
the base module (and thus no longer configurable in file
`modules.cfg').
- Emboldening of bitmaps didn't work correctly sometimes, showing
various artifacts (bug introduced in version 2.8.1).
- Use of the `freetype-config' script to get compilation and
linking options is deprecated since it doesn't support
cross-compiling, among other deficiencies. Instead, you should
use the `pkg-config' interface.
The `configure' script no longer installs `freetype-config' by
default. For backwards compatibility, a new configure option
`--enable-freetype-config' is provided that reverts this
decision.
- The auto-hinter script ranges have been updated for Unicode 11.
No support for new scripts have been added, however, with the
exception of Georgian Mtavruli.
- Support for cmake has been improved.
- The next release will remove support for Position Independent
Code as needed by systems that prohibit automatic address
fixups, such as BREW. [Compilation with modern compilers that
use flags like `-fPIC' or `-fPIE' is not affected.]
0.3.1:
Fixes
- Revert part of 576 causing display issues with version selector menu
- Backwards compatibility fixes for pre-0.3.0 releases
- Fix mkdocs version selector
- Add open list spacing
- Fix table centering
changes in version 2.2.7:
* gpg: New option --no-symkey-cache to disable the passphrase cache
for symmetrical en- and decryption.
* gpg: The ERRSIG status now prints the fingerprint if that is part
of the signature.
* gpg: Relax emitting of FAILURE status lines
* gpg: Add a status flag to "sig" lines printed with --list-sigs.
* gpg: Fix "Too many open files" when using --multifile.
* ssh: Return an error for unknown ssh-agent flags.
* dirmngr: Fix a regression since 2.1.16 which caused corrupted CRL
caches under Windows.
* dirmngr: Fix a CNAME problem with pools and TLS. Also use a fixed
mapping of keys.gnupg.net to sks-keyservers.net.
* dirmngr: Try resurrecting dead hosts earlier (from 3 to 1.5 hours).
* dirmngr: Fallback to CRL if no default OCSP responder is configured.
* dirmngr: Implement CRL fetching via https. Here a redirection to
http is explictly allowed.
* dirmngr: Make LDAP searching and CRL fetching work under Windows.
This stopped working with 2.1.
* agent,dirmngr: New sub-command "getenv" for "getinfo" to ease
debugging.
Changes since 0.12.0 include a fix for CVE-2017-6807
Version 0.14.0
==============
* Backwards incompatible changes
This version switches the default signature algorithm used when
signing messages from rsa-sha1 to rsa-sha256. If your IdP does not
allow messages to be signed with that algorithm, you need to add a
setting switching back to the old algorithm:
MellonSignatureMethod rsa-sha1
Note that this only affects messages sent from mod_auth_mellon to your
IdP. It does not affect authentication responses or other messages
sent from your IdP to mod_auth_mellon.
* New features
Many improvements in what is logged during various errors.
Diagnostics logging, which creates a detailed log during request
processing.
Add support for selecting which signature algorithm is used when
signing messages, and switch to rsa-sha256 by default.
* Bug fixes
Fix segmentation fault in POST replay functionality on empty value.
Fix incorrect error check for many lasso_*-functions.
Fix case sensitive match on MellonUser attribute name.
Version 0.13.1
==============
* Security fix
Fix a cross-site session transfer vulnerability. mod_auth_mellon
version 0.13.0 and older failed to validate that the session
specified in the user's session cookie was created for the web site
the user actually accesses.
If two different web sites are hosted on the same web server, and
both web sites use mod_auth_mellon for authentication, this
vulnerability makes it possible for an attacker with access to one
of the web sites to copy their session cookie to the other web
site, and then use the same session to get access to the other web
site.
Thanks to François Kooman for reporting this vulnerability.
This vulnerability has been assigned CVE-2017-6807.
Note: The fix for this vunlerability makes mod_auth_mellon validate
that the cookie parameters used when creating the session match
the cookie parameters that should be used when accessing the current
page. If you currently use mod_auth_mellon across multiple subdomains,
you must make sure that you set the MellonCookie-option to the same
value on all domains. Bug fixes
Fix segmentation fault if a (trusted) identity provider returns
a SAML 2.0 attribute without a Name.
Fix segmentation fault if MellonPostReplay is enabled but
MellonPostDirectory is not set.
Version 0.13.0
==============
* Security fix
Fix a denial of service attack in the logout handler, which allows
a remote attacker to crash the Apache worker process with a
segmentation fault. This is caused by a null-pointer dereference
when processing a malformed logout message. New features
Allow MellonSecureCookie to be configured to enable just one
of the "httponly" of "secure" flags, instead of always enabling
both flags.
Support per-module log level with Apache 2.4.
Allow disabling the Cache-Control HTTP response header.
Add support for SameSite cookie parameter.
* Bug fixes
Fix MellonProbeDiscoveryIdP redirecting to the wrong IdP if no IdPs
respond to the probe request.
Fix mod_auth_mellon interfering with other Apache authentication
modules even when it is disabled for a path.
Fix wrong HTTP status code being returned in some cases during
user permission checks.
Fix default POST size limit to actually be 1 MB.
Fix error if authentication response is missing the optional
Conditions-element.
Fix AJAX requests being redirected to the IdP.
Fix wrong content type for ECP authentication request responses.
In addition there are various fixes for errors in the documentation,
as well as internal code changes that do not have any user visible
effects.
Use bundled OpenSSL until pkgsrc provides the required 1.1.x.
### Notable Changes
- Assert
- Calling `assert.fail()` with more than one argument is deprecated.
- Calling `assert.ok()` with no arguments will now throw.
- Calling `assert.ifError()` will now throw with any argument other
than `undefined` or `null`. Previously the method would throw with
any truthy value.
- The `assert.rejects()` and `assert.doesNotReject()` methods have
been added for working with async functions.
- Async_hooks
- Older experimental async_hooks APIs have been removed.
- Buffer
- Uses of `new Buffer()` and `Buffer()` outside of the
`node_modules` directory will now emit a runtime deprecation
warning.
- `Buffer.isEncoding()` now returns `undefined` for falsy values,
including an empty string.
- `Buffer.fill()` will throw if an attempt is made to fill with an
empty `Buffer`.
- Child Process
- Undefined properties of env are ignored.
- Console
- The `console.table()` method has been added.
- Crypto
- The `crypto.createCipher()` and `crypto.createDecipher()` methods
have been deprecated. Please use `crypto.createCipheriv()` and
`crypto.createDecipheriv()` instead.
- The `decipher.finaltol()` method has been deprecated.
- The `crypto.DEFAULT_ENCODING` property has been deprecated.
- The `ECDH.convertKey()` method has been added.
- The `crypto.fips` property has been deprecated.
- Dependencies
- V8 has been updated to 6.6.
- OpenSSL has been updated to 1.1.0h.
- EventEmitter
- The `EventEmitter.prototype.off()` method has been added as an
alias for `EventEmitter.prototype.removeListener()`.
- File System
- The `fs/promises` API provides experimental promisified versions
of the `fs` functions.
- Invalid path errors are now thrown synchronously.
- The `fs.readFile()` method now partitions reads to avoid thread
pool exhaustion.
- HTTP
- Processing of HTTP Status codes `100`, `102-199` has been
improved.
- Multi-byte characters in URL paths are now forbidden.
- N-API
- The n-api is no longer experimental.
- Net
- The `'close'` event will be emitted after `'end'`.
- Perf_hooks
- The `PerformanceObserver` class is now an `AsyncResource` and can
be monitored using `async_hooks`.
- Trace events are now emitted for performance events.
- The `performance` API has been simplified.
- Performance milestone marks will be emitted as trace events.
- Process
- Using non-string values for `process.env` is deprecated.
- The `process.assert()` method is deprecated.
- REPL
- REPL now experimentally supports top-level await when using the
`--experimental-repl-await` flag.
- The previously deprecated "magic mode" has been removed.
- The previously deprecated `NODE_REPL_HISTORY_FILE` environment
variable has been removed.
- Proxy objects are shown as Proxy objects when inspected.
- Streams
- The `'readable'` event is now always deferred with nextTick.
- A new `pipeline()` method has been provided for building
end-to-data stream pipelines.
- Experimental support for async for-await has been added to
`stream.Readable`.
- Timers
- The `enroll()` and `unenroll()` methods have been deprecated.
- TLS
- The `tls.convertNPNProtocols()` method has been deprecated.
- Support for NPN (next protocol negotiation) has been dropped.
- The `ecdhCurve` default is now `'auto'`.
- Trace Events
- A new `trace_events` top-level module allows trace event
categories to be enabled/disabled at runtime.
- URL
- The WHATWG URL API is now a global.
- Util
- `util.types.is[…]` type checks have been added.
- Support for bigint formatting has been added to `util.inspect()`.
#### Deprecations:
The following APIs have been deprecated in Node.js 10.0.0
- Passing more than one argument to `assert.fail()` will emit a
runtime deprecation warning.
- Previously deprecated legacy async_hooks APIs have reached
end-of-life and have been removed.
- Using `require()` to access several of Node.js' own internal
dependencies will emit a runtime deprecation.
- The `crypto.createCipher()` and `crypto.createDecipher()` methods
have been deprecated in documentation.
- Using the `Decipher.finaltol()` method will emit a runtime
deprecation warning.
- Using the `crypto.DEFAULT_ENCODING` property will emit a runtime
deprecation warning.
- Use by native addons of the `MakeCallback()` variant that passes a
`Domain` will emit a runtime deprecation warning.
- Previously deprecated internal getters/setters on `net.Server` has
reached end-of-life and have been removed.
- Use of non-string values for `process.env` has been deprecated in
documentation.
- Use of `process.assert()` will emit a runtime deprecation warning.
- Previously deprecated `NODE_REPL_HISTORY_FILE` environment variable
has reached end-of-life and has been removed.
- Use of the `timers.enroll()` and `timers.unenroll()` methods will
emit a runtime deprecation warning.
- Use of the `tls.convertNPNProtocols()` method will emit a runtime
deprecation warning. Support for NPN has been removed from Node.js.
- The `crypto.fips` property has been deprecated in documentation.
-updated astyle code to release 3.1 (Rev. 655)
-added webkit reformatting style
-improved several language definitions
-fixed Matlab string recognition (https://github.com/andre-simon/highlight/issues/61)
-fixed Autohotkey escape sequence recognition (thanks to Klaus Daube)
-added excel.lang (https://github.com/andre-simon/highlight/pull/60)
-improved Qt pro file (https://github.com/andre-simon/highlight/pull/59)
-CLI: added --reformat-option (https://github.com/andre-simon/highlight/issues/62)
-CLI: added --line-range (https://github.com/andre-simon/highlight/issues/64)
-GUI: added Bulgarian translation (thanks to Georgi Sotirov)
-fixed HL_OUTPUT in Lua state for HL_FORMAT_XHTML and HL_FORMAT_TRUECOLOR values
-fixed lib-shared make target
-updated astyle code to release 3.1.0 beta
-added Polygen and EBNF2 syntax definitions (thanks to Tristano Ajmone)
-added pywal terminal colouring template in extras/pywal
-added reformatting style ratliff (replaces banner)
-added extras/langDefs-resources/cleanslate.lang (thanks to Tristano Ajmone)
-improved Perl6 compatibility
-improved PHP string interpolation
-improved Haskell definition (https://github.com/andre-simon/highlight/pull/52)
-CLI: added --canvas option to define background color padding in ANSI output
(https://github.com/andre-simon/highlight/issues/40)
-GUI: added French translation (thanks to Antoine Belvire)
-GUI: added Scripts tab (suggested by Tristano Ajmone)
-GUI: minor bugfixes
-renamed examples directory to extras
-line anchors (-a) are attached as id attribute to the first span or li tag in
HTML output (https://github.com/andre-simon/highlight/issues/36)
-renamed ID prefix in outhtml_codefold plug-in to be compatible with -a IDs
-added fstab.lang and added anacrontab in filetypes.conf
-removed references to OutputType::HTML32
-added extras/css-themes and extras/langDefs-resources
(thanks to Tristano Ajmone)
-CLI: removed deprecated indicator of --data-dir option
-CLI: added --no-version-info option
-GUI: fixed initial theme selection
-GUI: added "Omit version info comment" option
-GUI: added "Copy with MIME type" option for HTML output
(https://github.com/andre-simon/highlight/issues/32)
-fixed Ruby string parsing (thanks to Jens Schleusener)
-fixed segfault on sparc64 (patch by James Clarke)
-fixed PureBasic definition (https://github.com/andre-simon/highlight/issues/25)
-added CMake definition (https://github.com/andre-simon/highlight/issues/20)
-added email definition (https://github.com/andre-simon/highlight/issues/21)
-linked scm suffix to lisp definition
(https://github.com/andre-simon/highlight/issues/22)
-W32 CLI: support HIGHLIGHT_DATADIR and --data-dir options
(https://github.com/andre-simon/highlight/issues/24)
-revised documentation
-added syntax for Docker and Elixir
-improved HTML, Julia, Kotlin and Smalltalk syntax definitions
-GUI: added "Paste, Convert and Copy" button
(https://sourceforge.net/p/syntaxhighlight/support-requests/4/)
-fixed Bash variable highlighting issue
-updated astyle code to release 3.0.1 (https://sourceforge.net/p/astyle/bugs/438)
-added bash_ref_man7_org.lua plugin
-fixed Perl string highlighting issue
-fixed highlighting if a line continues after the nested code delimiter
-updated astyle code to release 3.0
-added examples/pandoc (thanks to Tristano Ajmone)
-added syntax mapping for markdown
(https://github.com/andre-simon/highlight/issues/11)
-added syntax mapping for clj
(https://github.com/andre-simon/highlight/issues/15)
-improved Java definition (https://github.com/andre-simon/highlight/issues/13)
-added theme to JSON converter in examples/json
(https://github.com/andre-simon/highlight/issues/8)
-CLI: added support for environment variable HIGHLIGHT_OPTIONS
(https://github.com/andre-simon/highlight/issues/17)
-fixed code folding plugin to support more Ruby conditional modifiers
(thanks to Jens Schleusener)
-fixed Perl quoted string highlighting (thanks to Jens Schleusener)
-added new GeneratorOverride syntax definition parameter
-added Filenames parameter in filetypes.conf to assign input filenames
to syntax types (suggested by Andy)
-added FASM definition and edit-fasm theme (thanks to Tristano Ajmone)
-added outhtml_ie7_webctrl plug-in (suggested by Tristano Ajmone)
-GUI: file extensions can be configured for multiple languages,
triggers syntax selection prompt
-GUI: added Italian translation (thanks to Tristano Ajmone)
-fixed code folding plugin to support Ruby conditional modifiers
-fixed JSON definition (thanks to Timothee Cour)
-fixed output of unknown syntax warning with applied force switch
(thanks to Andy)
-added state trace parameter to Decorate plug-in function
-added GDScript definition and edit-godot theme (thanks to Tristano Ajmone)
-updated SWIG code samples
-updated Artistic Style lib (SVN Rev. 553)
-revised docs
-CLI: fixed creation of hidden files if output filename is prepended by its
input path
-CLI: added switch --stdout (https://sourceforge.net/p/syntaxhighlight/bugs/14)
-fixed segfault with --skip applied on a single file input list
(thanks to Jens Schleusener)
-added support for Python 3.6 syntax
-added Github and Sourceforge themes
-fixed highlighting of nested section delimiters
-fixed PHP definition (thanks to Christoph Burschka)
-fixed font family declaration in SVG
-fixed user defined encoding in ODT
-fixed unnecessary output of style file with --inline-css
(thanks to Jens Schleusener)
-added vimscript language definition (thanks to Max Christian Pohle)
-added Coffeescript language definition (thanks to Jess Austin)
-added PureBasic definition and theme (thanks to Tristano Ajmone)
-added JSX language definition (suggested by Max Stoiber)
-added PO translation definition
-added plug-in outhtml_add_figure.lua
-updated js definition
-updated Artistic Style lib (SVN Rev. 521)
-improved various color themes and syntax definitions
-added support for true color escape codes (--out-format truecolor)
-fixed xterm256 output for paging with less (thanks to Fylwind)
-fixed operator regex in rnc.lang, crk.lang and yaml.lang (thanks to Joe Klauza)
-added Pony and Whiley definitions
-updated Ceylon, Julia and TypeScript definitions
-added Go, AutoHotKey, TypeScript and R to the foldable list in the
outhtml_codefold.lua plug-in
-removed plugins/bash_ref_linuxmanpages_com.lua
-GUI: fixed README, ChangeLog and License file paths on Linux
-revised documentation
-GUI: fixed minor layout issues
-the data directory can be defined with the HIGHLIGHT_DATADIR environment variable
-fixed RTF output of UTF-8 input; needs input encoding set to utf-8
(thanks to Kamigishi Rei)
-fixed XML comment recognition (thanks to Mani)
-data search directories were appended to the result of --list-scripts
-revised older syntax definitions
-updated base URLs of bash_ref_linuxmanpages and cpp_ref_qtproject plug-ins
-GUI: added system copy and paste shortcuts for clipboard functions
(suggested by Kamigishi Rei)
-added Ansible Yaml definition (thanks to Raphael Droz)
-added Chapel definition (thanks to Lydia Duncan)
-fixed gcc 6 warnings about deprecated auto_ptr usage
-src/makefile: added -std=c++11 because of auto_ptr to unique_ptr transition
(thanks to Jens Schleusener)
-GUI: fixed style file output if "write to source directory" option is
checked (thanks to Jim Pattee)
-added support of Pascal, Lua, Ruby and C# regions in outhtml_codefold.lua
-improved outhtml_codefold.lua to handle embedded languages
-added string delimiters in the Ruby definition
-added new AssertEqualLength flag in string section of language definitions
-improved heredoc parsing
-fixed Lua multiline string recognition
-improved SVG whitespace output (patch by Paul de Vrieze)
-added Nim and mIRC Scripting definitions
-improved outhtml_codefold.lua to ignore brackets on the same line
-added RTF output to mark_lines.lua
-fixed Powershell and NSIS definitions
-added JSON and Github Markdown definitions
-CLI: added --keep-injections option to force plugin injection output with -f
-GUI: added keep injections checkbox
-GUI: fixed crash after removing selected plugins
-added HL_REJECT state to be used in a OnStateChange function
-added DecorateLineBegin and DecorateLineEnd hooks
-added mark_lines.lua, outhtml_codefold.lua, comment_links.lua plug-ins
-fixed font face in ODT output
-fixed Operators parameter in frink.lang and oorexx.lang
-fixed regular expression parsing within strings for JS, Perl and Ruby
-CLI: added --page-color option to include a page color in RTF output
-GUI: added RTF page color checkbox
-added new SVG definition to support embedded scripting
-improved js.lang, css.lang, scss.lang, less.lang, tsql.lang
-modified HTML ordered list output to work better with new plug-ins
-renamed plug-in variable HL_INPUT_FILE to HL_PLUGIN_PARAM
-CLI: renamed --plug-in-read option to --plug-in-param
-GUI: updated plug-in parameter label and tool-tips
-GUI: fixed minor issues
-fixed TeX output for cweb documents (patch by Ingo Krabbe)
-fixed string interpolation in bat.lang
-added reduce_filesize.lua, outhtml_add_shadow.lua,
outhtml_add_background_svg.lua, outhtml_add_background_stripes.lua,
outhtml_add_line.lua plug-ins
-added TCL extension in examples/tcl
-added kotlin.lang, nginx.lang and julia.lang
-updated php.lang to include version 7 keywords
-updated ceylon.lang to include version 1.2 keywords
-updated scripts in examples directory
-CLI: style-infile option marked as deprecated
-GUI: shortened paths in file input lists
-added rs.lang
-added conf.lang (thanks to Victor Ananjevsky)
-added some extensions in filetypes.conf (patch by Victor Ananjevsky)
-fixed Matlab definition and style (thanks to Justin Pearson)
-CLI: fixed --list-scripts with unknown argument (thanks to Jens Schleusener)
-updated astyle code to release 2.05.1
-fixed shebang recognition (thanks to Victor Ananjevsky)
-GUI: added option to define line numbering start
-added support for LESS, SASS and Stylus CSS processors (suggested by Marcel Bischoff)
-added support for Lua 5.3, removed LUA52 makefile option
-fixed heredoc matching in perl.lang (thanks to cornucopia)
-fixed Haskell lang (thanks to Daan Michiels)
-fixed RNC lang (thanks to Daan Michiels)
-fixed regex pattern in js.lang
-updated astyle code to release 2.05
-added astyle reformatting style vtk
-added bold, italic and underline attributes to xterm256 ANSI output
(patch by Andrew Fuller)
-fixed assembler mapping in filetypes.conf (thanks to Jens Schleusener)
-added Swift definition
-improved ASP, F#, OCaml and Lisp syntax definitions
-added interpolation patterns to several definitions
-updated base URLs in cpp_ref_gtk_gnome and cpp_ref_qtproject plug-ins
-CLI: added Pango markup output option (patch by Dominik Schmidt)
patch-ab no longer needed just since 15 Jan 2018(!)
5 years worth of changes including:
- C++11 is now required. Your compiler must have shared_ptr, noexcept, etc.
- Removed pqxx::items. Use the new C++11 initialiser syntax.
- Removed maketemporary. We weren't using it.
- Can now be built outside the source tree.
- New, simpler, lambda-friendly transactor framework.
- New, simpler, prepared statements and parameterised statements.
- Result rows can be passed around independently.
- New exec0(): perform query, expect zero rows of data.
- New exec1(): perform query, expect (and return) a single row of data.
- New exec_n(): perform query, expect exactly n rows of data.
- No longer defines Visual Studio's NOMINMAX in headers.
- Much faster configure script.
- Most configuration items are gone.
- Retired all existing capability flags.
- Documentation on readthedocs.org, thanks Tim Sheerman-Chase.
- Expose SQLSTATE error codes in sql_error exceptions.
- Adds a first-generation parser for SQL arrays.
