pkgsrc changes:
- Remove custom and no longer needed do-patch target, it was fixed upstream
- Minor cosmetic improvements pointed out by pkglint
Changes:
- Backport patches for CVE-2018-6951, CVE-2018-6952 and CVE-2018-1000156
Patch provided by Attila Fülöp via NetBSD/pkgsrc#33, thanks!
Bump PKGREVISION
Lots of bugfixes all over the map. Thanks to all for testing and
patches!
Adam Jackson (8):
modesetting: Lie less in the man page
modesetting: Document Option "DoubleShadow" in the man page
xfree86: Fix Option "MaxClients" validation
modesetting: Don't free(dst) in drmmode_prop_info_copy
glamor_egl: Don't initialize on llvmpipe
glamor/egl: Avoid crashing on broken configurations
fbdevhw: Refuse to touch PCI devices on the fallback probe path
xserver 1.20.2
Alex Goins (1):
randr: rrCheckPixmapBounding should only increase screen size
Alexander Volkov (1):
os/xdmcp: Don't create a new socket in XdmcpReset()
Cedric Roux (1):
miext/damage: take care of the coordinate mode in damagePolyPoint
Dave Airlie (9):
shm: move shmsize verify before allocating the drawable.
xi: free modifiers_failed on error path. (v2)
fboverlay: move bpp checks above malloc
glamor: fix leak of fs_getcolor_source.
modesetting: get pEnt after error checks
posix_tty: free leak of xf86SetStrOption return value.
xkb: fix what looks to be a copy-paste error with first vs firstMM
mibltblt: free prgnSrcClip on error path.
devices: break after finding and removing device from lists
Jim Qu (1):
modesetting: code refactor for PRIME sync
Lionel Landwerlin (2):
present: fix freed pointer access
xwayland: fix access to invalid pointer
Olivier Fourdan (3):
glx: check for indirect context in CreateContextAttribsARB()
xwayland: Remove xwl_present_window from privates on cleanup
xwayland: Use `double` for `xwl_tablet_tool`
Peter Hutterer (1):
dix: check_modmap_change() returns Success, not true
Pierre Ossman (1):
Switch automatic composite update to WorkQueue
Scott Anderson (1):
xwayland: use wayland axis_discrete event
Andrey Grodzovsky (2):
amdgpu/test: Allow BO mapping flags to be passed in tests
amdgpu/test: Fix deadlock tests for AI and RV v2
Rob Clark (14):
xf86drmHash: remove redundant zero init
freedreno/msm: get rid of ring_bo unref hack
freedreno: expose refcnt'ing on ringbuffers
freedreno: add flags param for rb creation
freedreno/msm: support suballocation for stateobj rb's
freedreno: remove deprecated ringmarker API
freedreno/msm: remove reset of linked rings
freedreno/msm: simplify emit_reloc_ring() vfunc
freedreno/msm: use hashtable to track submit.cmds table
freedreno/msm: simplify msm_ringbuffer_flush()
freedreno/msm: handle ring-reloc to other stateobjs
freedreno/kgsl: fix build
freedreno/msm: fix c90 warning
Bump to version 2.4.96
Thomas Hellstrom (1):
libdrm: Allow dynamic drm majors on linux
3.6.1 Stable
Brew formula fixes
3.6 Stable
New features
------------
New pro charts
Ability to compare data with the past (time shift)
Trend lines based on ASAP
Average and percentile lines overlaid on the graph and animated
New color scheme that uses pastel colors for better visualization
https://www.ntop.org/ntopng/ntopng-and-time-series-from-rrd-to-influxdb-new-charts-with-time-shift/
New timeseries API with support for RRD and InfluxDB
Abstracts and handles multiple sources transparently
https://www.ntop.org/guides/ntopng/api/lua/timeseries/index.html
Streaming pcap captures with BPF support
Download live packet captures right from the browser
New SNMP devices caching
Periodically cache information of all the SNMP devices configured
Calculate and visualize interfaces throughput
Improvements
------------
Security
Access to the web user interface is controlled with ACLs
Secure ntopng cookies with SameSite and HttpOnly
HTTP cookie authentication
Improved random session id generation
Various SNMP improvements
Caching
Interfaces status change alerts
Device interfaces page
Devices and interfaces added to flows
Fixed several library memory leaks
Improved device and interface charts
Interfaces throughput calculation and visualization
Ability to delete all SNMP devices at once
Improved active devices discovery
OS detection via HTTP User-Agent
Alerts
Crypto miners alerts toggle
Detection and alerting of anomalous terminations
Module for sending telegram.org alerts
Slack
Configurable Slack channel names
Added Slack test button
Charts
Active flows vs local hosts chart
Active flows vs interface traffic chart
Ubuntu 18.04 support
Support for ElasticSearch 6 export
Added support for custom categories lists
Added ability to use the non-JIT Lua interpreter
Improved ntopng startup and shutdown time
Support for capturing from interface pairs with PF_RING ZC
Support for variable PPP header length
Migrated geolocation to GeoLite2 and libmaxminddb
Configuration backup and restore
Improved IE browser support
Using client SSL certificate for protocol detection
Optimized host/flows purging
2.4 Stable:
New Supported Protocols and Services
------------------------------------
Showmax.com
Musical.ly
RapidVideo
VidTO streaming service
Apache JServ Protocol
Facebook Messenger
FacebookZero protocol
Improvements
------------
Improved YouTube support
Improved Netflix support
Updated Google Hangout detection
Updated Twitter address range
Updated Viber ports, subnet and domain
Updated AmazonVideo detection
Updated list of FaceBook sites
Initial Skype in/out support
Improved Tor detection
Improved hyperscan support and category definition
Custom categories loading, extended ndpiReader (-c <file>) for loading name-based categories
Fixes
-----
Fixes for Instagram flows classified as Facebook
Fixed Spotify detection
Fixed minimum packet payload length for SSDP
Fixed length check in MSN, x-steam-sid, Tor certificate name
Increase client's maximum payload length for SSH
Fixed end-of-line bounds handling
Fixed substring matching
Fix for handling IP address based custom categories
Repaired wrong timestamp calculation
Fixed memory leak
Optimized memory usage
Other/Changes
-------------
New API calls:
ndpi_set_detection_preferences()
ndpi_load_hostname_category()
ndpi_enable_loaded_categories()
ndpi_fill_protocol_category()
ndpi_process_extra_packet()
Skype CallIn/CallOut are now set as Skype.SkypeCallOut Skype.SkypeCallIn
Added support for SMTPS on port 587
Changed RTP from VoIP to Media category
Added site unavailable category
Added custom categories CUSTOM_CATEGORY_MINING, CUSTOM_CATEGORY_MALWARE, CUSTOM_CATEGORY_ADVERTISEMENT, CUSTOM_CATEGORY_BANNED_SITE
Implemented hash-based categories
Converted some not popular protocols to NDPI_PROTOCOL_GENERIC with category detection
libgit2 0.27.5 (2018/10/5)
This is a security release fixing the following list of issues:
* Submodule URLs and paths with a leading "-" are now ignored. This is due to
the recently discovered CVE-2018-17456, which can lead to arbitrary code
execution in upstream git. While libgit2 itself is not vulnerable, it can
be used to inject options in an implementation which performs a recursive
clone by executing an external command.
* When running repack while doing repo writes, packfile_load__cb() could see
some temporary files in the directory that were bigger than the usual, and
makes memcmp overflow on the p->pack_name string. This issue was reported
and fixed by bisho.
* The configuration file parser used unbounded recursion to parse multiline
variables, which could lead to a stack overflow. The issue was reported by
the oss-fuzz project, issue 10048 and fixed by Nelson Elhage.
* The fix to the unbounded recursion introduced a memory leak in the config
parser. While this leak was never in a public release, the oss-fuzz project
reported this as issue 10127. The fix was implemented by Nelson Elhage and
Patrick Steinhardt.
* When parsing "ok" packets received via the smart protocol, our parsing code
did not correctly verify the bounds of the packets, which could result in a
heap-buffer overflow. The issue was reported by the oss-fuzz project, issue
9749 and fixed by Patrick Steinhardt.
* The parsing code for the smart protocol has been tightened in general,
fixing heap-buffer overflows when parsing the packet type as well as for
"ACK" and "unpack" packets. The issue was discovered and fixed by Patrick
Steinhardt.
* Fixed potential integer overflows on platforms with 16 bit integers when
parsing packets for the smart protocol. The issue was discovered and fixed
by Patrick Steinhardt.
* Fixed potential NULL pointer dereference when parsing configuration files
which have "include.path" or "includeIf..path" statements without a value.
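The first item in the list above (ignoring submodule URLs and paths with a leading "-") can be sketched as a pre-clone check over a .gitmodules file. This is an added example, not libgit2 code: the parser is a simplified reading of the git config format, the function names are hypothetical, and the sample content is constructed.

```python
import re

# Constructed sample .gitmodules content (not from any real repository).
SAMPLE_GITMODULES = """\
[submodule "docs"]
	path = docs
	url = https://example.org/docs.git
[submodule "opt-url"]
	path = vendor/lib
	url = --constructed-option=value
[submodule "opt-path"]
	path = -constructed
	url = https://example.org/lib.git
"""

_SECTION = re.compile(r'^\[submodule\s+"((?:[^"\\]|\\.)*)"\]$')
_KEYVAL = re.compile(r'^([A-Za-z][A-Za-z0-9-]*)\s*=\s*(.*)$')


def parse_gitmodules(text):
    """Return {name: {key: value}} for every [submodule "name"] section.

    Simplified: no line continuations or escape handling inside values.
    """
    modules, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue  # blank line or comment
        section = _SECTION.match(line)
        if section:
            current = modules.setdefault(section.group(1), {})
            continue
        if line.startswith("["):
            current = None  # some other section; ignore its keys
            continue
        keyval = _KEYVAL.match(line)
        if keyval and current is not None:
            value = keyval.group(2).strip()
            # Strip one layer of surrounding quotes so "-x" is still caught.
            if len(value) >= 2 and value[0] == value[-1] == '"':
                value = value[1:-1]
            current[keyval.group(1).lower()] = value
    return modules


def filter_submodules(modules):
    """Split submodules into (accepted, ignored).

    A submodule is ignored when its url or path starts with "-", because an
    external command would read that value as an option, not an operand.
    """
    accepted, ignored = {}, {}
    for name, cfg in modules.items():
        bad = [k for k in ("url", "path") if cfg.get(k, "").startswith("-")]
        if bad:
            ignored[name] = bad
        else:
            accepted[name] = cfg
    return accepted, ignored
```

Run filter_submodules(parse_gitmodules(...)) before handing any submodule to a recursive clone that shells out; the ignored mapping names the offending key for logging.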
Release notes
Maintenance and security release of the Drupal 8 series.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the notes below and the security announcement:
* Drupal Core - Multiple vulnerabilities - SA-CORE-2018-006
No other fixes are included.
Sites on 8.5.x should update immediately to Drupal 8.5.8 instead, and plan to
update to the latest 8.6.x release before May 2019.
Important update information
Site update and module owners planning to update to this should take note of
the following important changes.
For site owners
* Previously, users who didn't have access to use any Content Moderation
transitions were granted implicit access to update content provided the
state of the content did not change. This access has been removed. Site
owners should ensure that all content editor roles have access to
appropriate transitions for moderated content types (including published to
published where appropriate).
* There are no database updates in this release, but site owners will need to
run update.php to ensure a cache clear.
* No changes have been made to the .htaccess, web.config, robots.txt or
default settings.php files in this release, so upgrading custom versions of
those files is not necessary.
For contributed and custom module developers
* \Drupal\Core\EventSubscriber\RedirectResponseSubscriber::sanitizeDestination()
has been removed. If you have extended that class or are calling that
method, you should review your implementation in line with the changes in
the patch.
* An additional method has been added to
StateTransitionValidationInterface. Implementations should review the new
method and ensure compatibility with it.
* ModerationStateConstraintValidator now has two additional service
dependencies. Subclasses will need to update their constructor to inject the
new services.
Ruby 2.3.8 Released
Ruby 2.3.8 has been released. This release includes several security
fixes. Please check the topics below for details.
* CVE-2018-16396: Tainted flags are not propagated in Array#pack and
String#unpack with some directives
* CVE-2018-16395: OpenSSL::X509::Name equality check does not work
correctly
This release also includes a non-security fix to support
Visual Studio 2014 with Windows 10 October 2018 Update for
maintenance reasons.
Ruby 2.3 is now under the state of the security maintenance phase,
until the end of the March of 2019. After the date, maintenance of
Ruby 2.3 will be ended. We recommend you start planning migration to
newer versions of Ruby, such as 2.5 or 2.4.
Ruby 2.5.2 Released
Ruby 2.5.2 has been released.
This release includes some bug fixes and some security fixes.
* CVE-2018-16396: Tainted flags are not propagated in Array#pack and
String#unpack with some directives
* CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
There are also some bug fixes. See commit logs for more details.
Ruby 2.5.3 Released
Ruby 2.5.3 has been released.
There were some missing files in the release packages of 2.5.2 which are
necessary for building. See details in [Bug #15232].
This release is just for fixing the packaging issue. This release doesn’t
contain any additional bug fixes from 2.5.2.
Ruby 2.4.5 Released
Ruby 2.4.5 has been released.
This release includes about 40 bug fixes after the previous release, and also
includes several security fixes. Please check the topics below for details.
* CVE-2018-16396: Tainted flags are not propagated in Array#pack and
String#unpack with some directives
* CVE-2018-16395: OpenSSL::X509::Name equality check does not work correctly
See the commit logs for details.
pkgsrc changes:
- Add patches to avoid `%m' in printf(3) for code used as part of tests
- Add support for tests. Please note that ATM, at least on NetBSD/amd64 -current this is the result of the test suite:
PASS: testdither
FAIL: test_analyze
FAIL: test_pdf
FAIL: test_ps
PASS: test_pdf1
FAIL: test_pdf2
The failure assert(3) needs further investigation (sorry!)
Changes:
1.21.3
------
- foomatic-rip: Reset stdin after replacing the underlying file
descriptor (Issue #58).
1.21.2
------
- cups-browsed: Fixed freeing of literal string caused by
Coverity Scan issue fix (Debian bug #907399).
version 1.4.1:
add W504 fixed method
add E402 fixed method
new feature: reading from .flake8 and $HOME/.pycodestyle files, which are used as autopep8's configuration, and add configuration section into README
add --exit-code command line option
if the --exit-code option is False (this is the default):
return 1 when an error occurred
otherwise return 0 (command successful)
if the --exit-code option is True:
return 1 when an error occurred
return 2 when there are changes in files (command successful)
otherwise return 0 (command successful)
This option is valid for any operating mode such as --diff, --in-place, no option, etc.
fix bugs
1.0.1:
Fixed an issue where revision descriptions were essentially being formatted twice. For any revision description that contained characters like %, writing output to stdout would fail because the call to config.print_stdout attempted to format any additional args passed to the function. This fix now only applies string formatting if any args are provided along with the output text.
Fixed issue where removed method union_update() was used when a customized MigrationScript instance included entries in the .imports data member, raising an AttributeError.
pytest 3.9.1:
Features
- For test-suites containing test classes, the information about the subclassed module is now output only if a higher verbosity level is specified (at least “-vv”).
pytest 3.9.0:
Deprecations
- The following accesses have been documented as deprecated for years, but are now actually emitting deprecation warnings.
Access of Module, Function, Class, Instance, File and Item through Node instances. Now users will see this warning:
usage of Function.Module is deprecated, please use pytest.Module instead
Users should just import pytest and access those objects using the pytest module.
request.cached_setup, this was the precursor of the setup/teardown mechanism available to fixtures. You can consult funcarg comparison section in the docs.
Using objects named "Class" as a way to customize the type of nodes that are collected in Collector subclasses has been deprecated. Users instead should use pytest_collect_make_item to customize node types during collection.
This issue should affect only advanced plugins who create new collection types, so if you see this warning message please contact the authors so they can change the code.
The warning that produces the message below has changed to RemovedInPytest4Warning:
getfuncargvalue is deprecated, use getfixturevalue
- Add a Deprecation warning for pytest.ensuretemp as it has been deprecated for a while.
Features
- Improve usage errors messages by hiding internal details which can be distracting and noisy.
This has the side effect that some error conditions that previously raised generic errors (such as ValueError for unregistered marks) are now raising Failed exceptions.
- Improve the error displayed when a conftest.py file could not be imported.
In order to implement this, a new chain parameter was added to ExceptionInfo.getrepr to show or hide chained tracebacks in Python 3 (defaults to True).
- Add empty_parameter_set_mark=fail_at_collect ini option for raising an exception when parametrize collects an empty set.
- Log messages generated in the collection phase are shown when live-logging is enabled and/or when they are logged to a file.
- Introduce tmp_path as a fixture providing a Path object.
- Deprecation warnings are now shown even if you customize the warnings filters yourself. In the previous version any customization would override pytest’s filters and deprecation warnings would fall back to being hidden by default.
- Allow specification of timeout for Testdir.runpytest_subprocess() and Testdir.run().
- Add returncode argument to pytest.exit() to exit pytest with a specific return code.
- Reimplement pytest.deprecated_call using pytest.warns so it supports the match='...' keyword argument.
This has the side effect that pytest.deprecated_call now raises pytest.fail.Exception instead of AssertionError.
- Require setuptools>=30.3 and move most of the metadata to setup.cfg.
Bug Fixes
- Improve error message when test functions of unittest.TestCase subclasses use a parametrized fixture.
- request.fixturenames now correctly returns the name of fixtures created by request.getfixturevalue().
- Warning filters passed as command line options using -W now take precedence over filters defined in ini configuration files.
- Fix source reindenting by using textwrap.dedent directly.
- pytest.warn will capture previously-warned warnings in Python 2. Previously they were never raised.
- Resolve symbolic links for args.
This fixes running pytest tests/test_foo.py::test_bar, where tests is a symlink to project/app/tests: previously project/app/conftest.py would be ignored for fixtures then.
- Fix duplicate printing of internal errors when using --pdb.
- pathlib based tmpdir cleanup now correctly handles symlinks in the folder.
- Display the filename when encountering SyntaxWarning.
Improved Documentation
- Update usefixtures documentation to clarify that it can’t be used with fixture functions.
- Update fixture documentation to specify that a fixture can be invoked twice in the scope it’s defined for.
- According to unittest.rst, setUpModule and tearDownModule were not implemented, but it turns out they are. So updated the documentation for unittest.
- Add tempdir testing example to CONTRIBUTING.rst guide
Trivial/Internal Changes
- The internal MarkerError exception has been removed.
- Port the implementation of tmpdir to pathlib.
- Exclude 0.00 second entries from --duration output unless -vv is passed on the command-line.
- Fixed formatting of string literals in internal tests.
3.78.0:
This release has deprecated the generation of integers, floats and fractions when the conversion of the upper and/or lower bound is not 100% exact, e.g. when an integer gets passed a bound that is not a whole number. (issue 1625)
3.77.0:
This minor release adds functionality to hypothesis.settings allowing it to be used as a decorator on hypothesis.stateful.RuleBasedStateMachine and hypothesis.stateful.GenericStateMachine.
3.76.1:
This patch fixes some warnings added by recent releases of pydocstyle and mypy.