Update clamav to 0.102.2.
## 0.102.2
ClamAV 0.102.2 is a bug patch release to address the following issues.
- [CVE-2020-3123](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3123):
An Denial-of-Service (DoS) condition may occur when using the optional credit
card data-loss-prevention (DLP) feature. Improper bounds checking of an
unsigned variable resulted in an out-of-bounds read which causes a crash.
- Significantly improved scan speed of PDF files on Windows.
- Re-applied a fix to alleviate file access issues when scanning RAR files in
downstream projects that use libclamav where the scanning engine is operating
in a low-privelege process. This bug was originally fixed in 0.101.2 and the
fix was mistakenly omitted from 0.102.0.
- Fixed an issue wherein freshclam failed to update if the database version
downloaded is 1 version older than advertised. This situation may occur after
a new database version is published. The issue affected users downloading the
whole CVD database file.
- Changed the default freshclam ReceiveTimeout setting to 0 (infinite).
The ReceiveTimeout had caused needless database update failures for users with
slower internet connections.
- Correctly display number of kilobytes (KiB) in progress bar and reduced the
size of the progress bar to accomodate 80-char width terminals.
- Fixed an issue where running freshclam manually causes a daemonized freshclam
process to fail when it updates because the manual instance deletes the
temporary download directory. Freshclam temporary files will now download to a
unique directory created at the time of an update instead of using a hardcoded
directory created/destroyed at the program start/exit.
- Fix for Freshclam's OnOutdatedExecute config option.
- Fixes a memory leak in the error condition handling for the email parser.
- Improved bound checking and error handling in ARJ archive parser.
- Improved error handling in PDF parser.
- Fix for memory leak in byte-compare signature handler.
- Updates to the unit test suite to support libcheck 0.13.
- Updates to support autoconf 2.69 and automake 1.15.
Special thanks to the following for code contributions and bug reports:
- Antoine Deschênes
- Eric Lindblad
- Gianluigi Tiesi
- Tuomo Soini
The remserial program acts as a communications bridge between a
TCP/IP network port and a Linux device such as a serial port. Any
character-oriented Linux /dev device will work.
The program can also use pseudo-ttys as the device. A pseudo-tty
is like a serial port in that it has a /dev entry that can be opened
by a program that expects a serial port device, except that instead
of belonging to a physical serial device, the data can be intercepted
by another program. The remserial program uses this to connect a
network port to the "master" (programming) side of the pseudo-tty
allowing the device driver (slave) side to be used by some program
expecting a serial port. See example 3 below for details.
The program can operate as a server accepting network connections
from other machines, or as a client, connecting to remote machine
that is running the remserial program or some other program that
accepts a raw network connection. The network connection passes
data as-is, there is no control protocol over the network socket.
Multiple copies of the program can run on the same computer at the
same time assuming each is using a different network port and
device.
Changes:
2.26.4
======
- Always use a light theme for rendering form controls.
- Fix the build with WPE renderer disabled.
- Fix the build with OpenGL disabled.
- Fix the build with GCC 10.
- Fix several crashes and rendering issues.
Changes:
4.4
---
- Use a single inotify queue on Linux, limited by
/proc/sys/fs/inotify/max_user_watches
- Set the environment variable `ENTR_INOTIFY_WORKAROUND` to enable a
compatibility mode for platforms with deformed inotify support
PostgreSQL 12.2, 11.7, 10.12, 9.6.17, 9.5.21, and 9.4.26
PostgreSQL 9.4 Now EOL
This is the last release for PostgreSQL 9.4, which will no longer receive security updates and bug fixes. PostgreSQL 9.4 introduced new features such as JSONB support, the ALTER SYSTEM command, the ability to stream logical changes to an output plugin, and more.
While we are very proud of this release, these features are also found in newer versions of PostgreSQL. Many of these features have also received improvements, and, per our versioning policy, it is time to retire PostgreSQL 9.4.
To receive continued support, we suggest that you make plans to upgrade to a newer, supported version of PostgreSQL. Please see the PostgreSQL versioning policy for more information.
Security Issues
CVE-2020-1720: ALTER ... DEPENDS ON EXTENSION is missing authorization checks.
Versions Affected: 9.6 - 12
The ALTER ... DEPENDS ON EXTENSION sub-commands do not perform authorization checks, which can allow an unprivileged user to drop any function, procedure, materialized view, index, or trigger under certain conditions. This attack is possible if an administrator has installed an extension and an unprivileged user can CREATE, or an extension owner either executes DROP EXTENSION predictably or can be convinced to execute DROP EXTENSION.
Bug Fixes and Improvements
This update also fixes over 75 bugs that were reported in the last several months. Some of these issues affect only version 12, but may also affect all supported versions.
Some of these fixes include:
Fix for partitioned tables with foreign-key references where TRUNCATE ... CASCADE would not remove all data. If you have previously used TRUNCATE ... CASCADE on a partitioned table with foreign-key references please see the "Updating" section for verification and cleanup steps.
Fix failure to add foreign key constraints to table with sub-partitions (aka a multi-level partitioned table). If you have previously used this functionality, you can fix it by either detaching and re-attaching the affected partition, or by dropping and re-adding the foreign key constraint to the parent table. You can find more information on how to perform these steps in the ALTER TABLE documentation.
Fix performance issue for partitioned tables introduced by the fix for CVE-2017-7484 that now allows the planner to use statistics on a child table for a column that the user is granted access to on the parent table when the query contains a leaky operator.
Several other fixes and changes for partitioned tables, including disallowing partition key expressions that return pseudo-types, such as RECORD.
Fix for logical replication subscribers for executing per-column UPDATE triggers.
Fix for several crashes and failures for logical replication subscribers and publishers.
Improve efficiency of logical replication with REPLICA IDENTITY FULL.
Ensure that calling pg_replication_slot_advance() on a physical replication slot will persist changes across restarts.
Several fixes for the walsender processes.
Improve performance of hash joins with very large inner relations.
Fix placement of "Subplans Removed" field in EXPLAIN output by placing it with its parent Append or MergeAppend plan.
Several fixes for parallel query plans.
Several fixes for query planner errors, including one that affected joins to single-row subqueries.
Several fixes for MCV extend statistics, including one for incorrect estimation for OR clauses.
Improve efficiency of parallel hash join on CPUs with many cores.
Ignore the CONCURRENTLY option when performing an index creation, drop, or reindex on a temporary table.
Fall back to non-parallel index builds when a parallelized CREATE INDEX has no free dynamic shared memory slots.
Several fixes for GiST & GIN indexes.
Fix possible crash in BRIN index operations with box, range and inet data types.
Fix support for BRIN hypothetical indexes.
Fix failure in ALTER TABLE when a column referenced in a GENERATED expression is added or changed in type earlier in the same ALTER TABLE statement.
Fix handling of multiple AFTER ROW triggers on a foreign table.
Fix off-by-one result for EXTRACT(ISOYEAR FROM timestamp) for BC dates.
Prevent unwanted lowercasing and truncation of RADIUS authentication parameters in the pg_hba.conf file.
Several fixes for GSSAPI support, including having libpq accept all GSS-related connection parameters even if the GSSAPI code is not compiled in.
Several fixes for pg_dump and pg_restore when run in parallel mode.
Fix crash with postgres_fdw when trying to execute a remote query on the remote server such as UPDATE remote_tab SET (x,y) = (SELECT ...).
Disallow NULL category values in the crosstab() function of contrib/tablefunc to prevent crashes.
Several fixes for Windows, including a race condition that could cause timing oddities with NOTIFY.
Several ecpg fixes.
Highlights:
- Groupby aggregation with relabeling
- Better repr for MultiIndex
- Better truncated repr for Series and DataFrame
- Series.explode to split list-like values to rows
Suggested by the upstream author Stefan Hundhammer in
https://mail-index.netbsd.org/pkgsrc-users/2020/02/13/msg030448.html.
Changes since 1.6:
- Much better handling for "permission denied" errors while reading directories.
- Now showing the exact byte size (134 495 994 Bytes instead of 128.3 MB)
upon mouse click in the tree (right click) and in the details panel (left or
right click).
- New optional tree column "Oldest File" (not enabled by default).
- Bug fix: Support for dark widget themes in File Size Histogram window.
Changelog:
Notable Changes in NSS 3.50
* Verified primitives from HACL* were updated, bringing performance
improvements for several platforms.
Note that Intel processors with SSE4 but without AVX are currently unable to
use the improved ChaCha20/Poly1305 due to a build issue; such platforms will
fall-back to less optimized algorithms. See Bug 1609569 for details.
* Updated DTLS 1.3 implementation to Draft-30. See Bug 1599514 for details.
* Added NIST SP800-108 KBKDF - PKCS#11 implementation. See Bug 1599603 for
details.
Bugs fixed in NSS 3.50
* Bug 1599514 - Update DTLS 1.3 implementation to Draft-30
* Bug 1603438 - Fix native tools build failure due to lack of zlib include dir
if external
* Bug 1599603 - NIST SP800-108 KBKDF - PKCS#11 implementation
* Bug 1606992 - Cache the most recent PBKDF1 password hash, to speed up
repeated SDR operations, important with the increased KDF iteration counts.
NSS 3.49.1 sped up PBKDF2 operations, though PBKDF1 operations are also
relevant for older NSS databases (also included in NSS 3.49.2)
* Bug 1608895 - Gyp builds on taskcluster broken by Setuptools v45.0.0 (for
lacking Python3)
* Bug 1574643 - Upgrade HACL* verified implementations of ChaCha20, Poly1305,
and 64-bit Curve25519
* Bug 1608327 - Two problems with NEON-specific code in freebl
* Bug 1575843 - Detect AArch64 CPU features on FreeBSD
* Bug 1607099 - Remove the buildbot configuration
* Bug 1585429 - Add more HKDF test vectors
* Bug 1573911 - Add more RSA test vectors
* Bug 1605314 - Compare all 8 bytes of an mp_digit when clamping in Windows
assembly/mp_comba
* Bug 1604596 - Update Wycheproof vectors and add support for CBC, P256-ECDH,
and CMAC tests
* Bug 1608493 - Use AES-NI for non-GCM AES ciphers on platforms with no
assembly-optimized implementation, such as macOS.
* Bug 1547639 - Update zlib in NSS to 1.2.11
* Bug 1609181 - Detect ARM (32-bit) CPU features on FreeBSD
* Bug 1602386 - Fix build on FreeBSD/powerpc*
* Bug 1608151 - Introduce NSS_DISABLE_ALTIVEC
* Bug 1612623 - Depend on NSPR 4.25
* Bug 1609673 - Fix a crash when NSS is compiled without libnssdbm support,
but the nssdbm shared object is available anyway.
v3.5.0
* add ``no-local-version`` local scheme and improve documentation for schemes
v3.4.4
* fix: also sort out resource warnings when dealing with git file finding
0.13.1
- Drop support for Python 2.6 and 3.4.
- Ignore empty lines in log files when looking for the pattern that indicates
a process has started.
0.13.0
- Never released due to deploy issues.
- Important (and possibly breaking) changes:
- Change default schema from JSON to Core.
Reason: This is the recommended Schema for YAML 1.2, and what people
would expect to be the default.
- load* in scalar context returns first document.
Reason: I think this is the most reasonable behaviour, and it
will continue to work the same if you later add documents to a file.
- Empty nodes in YAML 1.2 JSON Schema resolve to '' by default like
before, but now it can be configured
- Fix some control character escaping and encoding issues (issue#16, issue#17)
YAML::PP will now just assume all input data are unicode characters
and won't do an explicit utf8::upgrade
- Fix Core schema resolver for inf: add +.inf, +.Inf, +.INF
- Improve emitter regarding empty lists/hashes (no newline before []/{})
- Spelling and grammar fixes (PR#23 @gregoa)
- Fix YAML::PP::Grammar pod (PR#22 @gregoa)
- Fix yamlpp5-load-dump
- Fix error tokens output
- Update yaml-test-suite to data-2020-02-11
This software has a lot of hard-coded references to external binaries,
with sometimes incorrect assumptions. Deal with these through the SUBST
framework for now. (Any mistakes here are solely mine.)
## [1.11.0](https://github.com/go-gitea/gitea/releases/tag/v1.11.0) - 2020-02-10
* BREAKING
* Fix followers and following tabs in profile (#10202) (#10203)
* Make CertFile and KeyFile relative to CustomPath (#9868) (#9874)
* Remove unused endpoints (#9538)
* Prefix all user-generated IDs in markup (#9477)
* Enforce Gitea environment for pushes (#8982)
* Hide some user information via API if user have not enough permissions (#8655)
* Move startpage/homepage translation to crowdin (#8596)
* SECURITY
* Never allow an empty password to validate (#9682) (#9683)
* Prevent redirect to Host (#9678) (#9679)
* Swagger hide search field (#9554)
* Add "search" to reserved usernames (#9063)
* Switch to fomantic-ui (#9374)
* Only serve attachments when linked to issue/release and if accessible by user (#9340)
* FEATURES
* Webhooks should only show sender if it makes sense (#9601)
* Provide Default messages for merges (#9393)
* Add description to labels on create issue (#9392)
* Graceful Queues: Issue Indexing and Tasks (#9363)
* Default NO_REPLY_ADDRESS to DOMAIN (#9325)
* Allow FCGI over unix sockets (#9298)
* Graceful: Xorm, RepoIndexer, Cron and Others (#9282)
* Add API for Reactions (#9220)
* Graceful: Cancel Process on monitor pages & HammerTime (#9213)
* Graceful: Allow graceful restart for unix sockets (#9113)
* Graceful: Allow graceful restart for fcgi (#9112)
* Sign protected branches (#8993)
* Add Graceful shutdown for Windows and hooks for shutdown of goroutines (#8964)
* Add Gitea icon to Emojis (#8950)
* Expand/Collapse Files and Blob Excerpt while Reviewing/Comparing code (#8924)
* Allow Custom Reactions (#8886)
* Close/reopen issues by keywords in titles and comments (#8866)
* Allow incompletely specified Time Formats (#8816)
* Prevent upload (overwrite) of lfs locked file (#8769)
* Template Repositories (#8768)
* Add /milestones endpoint (#8733)
* Make repository management section handle lfs locks (#8726)
* Respect LFS File Lock on UI (#8719)
* Add team option to grant rights for all organization repositories (#8688)
* Enabling and disabling the commit button to prevent empty commits (web editor) (#8590)
* Add setting to disable BASIC authentication (#8586)
* Expose db.SetMaxOpenConns and allow non MySQL dbs to set conn pool params (#8528)
* Allow Protected Branches to Whitelist Deploy Keys (#8483)
* Push to create repo (#8419)
* Sign merges, CRUD, Wiki and Repository initialisation with gpg key (#7631)
* Add basic repository lfs management (#7199)
* BUGFIXES
* Fix code-expansion arc-green theme bug (#10180) (#10185)
* Prevent double wait-group decrement (#10170) (#10175)
* Allow emoji on review head comments (#10159) (#10174)
* Fix issue/pull link (#10158) (#10173)
* Fix push-create SSH bugs (#10145) (#10151)
* Prevent DeleteUser API abuse (#10125) (#10128)
* Fix issues/pulls dashboard paging error (#10114) (#10115)
* Add button to revert SimpleMDE to plain textarea (#10099) (#10102)
* Fix branch page pull request title and link error (#10092) (#10097)
* Fix PR API: Only try to get HeadBranch if HeadRepo exist (#10029) (#10088)
* Update topics repo count when deleting repository (#10051) (#10081)
* Show pull icon on pull requests (#10061) (#10062)
* Fix milestone API state parameter unhandled (#10049) (#10052)
* Move to using a temporary repo for pushing new PRs (#10009) (#10042)
* Fix wiki raw view on sub path (#10002) (#10040)
* Ensure that feeds are appropriately restricted (#10018) (#10019)
* Sanitize credentials in mirror form (#9975) (#9991)
* Close related pull requests when deleting head repository or head branch (#9927) (#9974)
* Switch to use -f instead of -F for sendmail (#9961) (#9970)
* Fix file rename/copy not supported by indexer (#9965) (#9967)
* Fix repo indexer not updating upon push (#9957) (#9963)
* Don't convert ellipsis in markdown (#9905) (#9937)
* Fixed repo link in generated comment for cross repository dependency (#9863) (#9935)
* Check if diff actually contains sections when rendering (#9926) (#9933)
* Fix wrong hint when status checking is running on pull request view (#9886) (#9928)
* Fix RocketChat (#9908) (#9921)
* Do not try to recreate ldap user if they are already created (#9900) (#9919)
* Create terminated channel in queue_redis (#9910) (#9911)
* Prevent empty LDAP search result from deactivating all users (#9879) (#9896)
* Fix wrong permissions check when issues/prs shared operations (#9885) (#9889)
* Check user != nil before checking values (#9881) (#9883)
* Allow hyphen in language name (#9873) (#9880)
* Ensure that 2fa is checked on reset-password (#9857) (#9876)
* Fix issues/pulls dependencies problems (#9842) (#9864)
* Fix markdown anchor links (#9673) (#9840)
* Allow assignee on Pull Creation when Issue Unit is deactivated (#9836) (#9837)
* Fix download file wrong content-type (#9825) (#9834)
* Fix wrong poster identity on a migrated pull request when submit review (#9827) (#9830)
* Fix database dump when log directory is missing (#9818) (#9819)
* Fix compare (#9808) (#9814)
* Fix push-to-create (#9772) (#9797)
* Fix missing msteam webhook on organization (#9781) (#9794)
* Fix missing unlock in uniquequeue (#9790) (#9791)
* Fix add team on collaborator page when same name as organization (#9778)
* DeleteRepoFile incorrectly handles Delete to new branch (#9769) (#9775)
* Fix milestones page (#9771)
* Fix SimpleMDE quote reply (#9757) (#9768)
* Fix missing updated time on migrated issues and comments (#9744) (#9764)
* Move Errored PRs out of StatusChecking (#9675) (#9726)
* Make hook status printing configurable with delay (#9641) (#9725)
* Fix /repos/issues/search (#9698) (#9724)
* Silence fomantic error regarding tabs (#9713) (#9718)
* Remove unused lock (#9709) (#9710)
* Remove q.lock.Unlock() in setInternal to prevent panic (#9705) (#9706)
* Load milestone in API PR list (#9671) (#9700)
* Don't attempt to close issue if already closed (#9696) (#9699)
* Remove google font call (#9668) (#9681)
* Eliminate horizontal scroll caused by footer (#9674)
* Fix nil reference in repo generation (#9660) (#9666)
* Add HTML URL to API Issues (#9654) (#9661)
* Add PR review webhook to Telegram (#9653) (#9655)
* Use filepath.IsAbs instead of path.IsAbs (#9651) (#9652)
* Disable remove button on repository teams when have access to all (#9640)
* Clean up old references on branch delete (#9614)
* Hide public repos owned by private orgs (#9609)
* Fix access issues on milestone and issue overview pages. (#9603)
* Fix error logged when repos qs is empty (#9591)
* Dont trigger notification twice on issue assignee change (#9582)
* Fix mirror pushed commit actions (#9572)
* Allow only specific columns to be updated on issue via API (#9189) (#9539)
* Fix default avatar for ghost user (#9536)
* Fix download of release attachments with same name (#9529)
* Resolve deprecated INI conversion (#9525)
* Ignore empty avatars during database migration (#9520)
* Fix deleted branch isn't removed when push the branch again (#9516)
* Fix repository issues pagination bug when there are more than one label filter (#9512)
* Fix SetExpr failed (#9506)
* Remove obsolete file private/push_update.go (#9503)
* When recreating hooks, delete them first so they are recreated with the umask (#9502)
* Properly enforce gitea environment for pushes (#9501)
* Fix datarace on repo indexer queue (#9490)
* Add call to load repo prior to redirect in add/remove dependency code (#9484)
* Wrap the code indexer (#9476)
* Use Req.URL.RequestURI() to cope with FCGI urls (#9473)
* Set default ssh.minimum_key_sizes (#9466)
* Fixed issue with paging in /repos/{owner}/{repo}/git/trees/{sha} api (#9459)
* Fix wrong notification on merge (#9450)
* Issue with Migration rule v111 (#9449)
* Trigger webhook when deleting a branch after merging a PR (#9424)
* Add migration to sanitize repository original_url (#9423)
* Use OriginalURL instead of CloneAddr in migration logging (#9418)
* Push update after branch is restored (#9416)
* Fix wrong migration (#9381)
* Fix show repositories filter (#9234) (#9379)
* Fix Slack webhook payload title generation to work with Mattermost (#9378)
* Fix double webhook for new PR (#9375)
* AuthorizedKeysCommand should not query db directly (#9371)
* Fix missed change to GetManager() (#9361)
* Fix cache problem on dashboard (#9358)
* RepoIndexer: DefaultBranch needs to be prefixed by BranchPrefix (#9356)
* Fix protected branch using IssueID (#9348)
* Fix nondeterministic behavior (#9341)
* Fix PR/issue redirects when having external tracker (#9339)
* Remove release attachments which repository has been deleted (#9334)
* Fix issue indexer not triggered when migrating a repository (#9332)
* Add SyncTags to uploader interface (#9326)
* Fix bug that release attachment files not deleted when deleting repository (#9322)
* Only sync tags after all migration release batches are completed (#9319)
* File Edit: Author/Committer interchanged (#9297)
* prebuild CSS/JS before xgo release binaries (#9293)
* Log: Ensure FLAGS=none shows no flags (#9287)
* Make Diff Detail on Pull Request Changed File UI always on Top (#9280)
* Switch CSS minifier to cssnano (#9260)
* Fix latest docker image haven't include static files. (#9252)
* Don't link wiki revision to commit (#9244)
* Change review content column to type text in db (#9229)
* Fixed topic regex pattern and added search by topic links after save (#9219)
* Add language to user API responce (#9215)
* Correct tooltip message blocked by dependencies (#9211)
* Add SimpleMDE and Fix Image Paste for Issue/Comment Editor (#9197)
* Fix panic when diff (#9187)
* Fix#9151 - smtp logger configuration sendTos should be an array (#9154)
* Fix max length check and limit in multiple repo forms (#9148)
* Always Show Password Field on Link Account Sign-in Page (#9147)
* Properly fix displaying virtual session provider in admin panel (#9137)
* Fix race condition on indexer (#9136)
* Fix team links in HTML rendering (#9127)
* Fix race condition in ReplaceSanitizer (#9123)
* Fix what information is shown about user in API (#9115)
* Fix nil context user for template repositories (#9099)
* Hide given credentials for migrated repos. (#9097)
* Fix reCAPTCHA API URL (#9083)
* Fix password checks on admin create/edit user (#9076)
* Update golang.org/x/crypto vendor to use acme v2 (#9056)
* Ensure Written is set in GZIP ProxyResponseWriter (#9018)
* Fix wrong system notice when repository is empty (#9010)
* Fix broken link to branch from issue list (#9003)
* Fix bug when pack js (#8992)
* New review approvals shouldn't require a message (#8991)
* Shadow password correctly for session config (#8984)
* Don't send notification on pending reviews (#8943)
* Fix Notify Create Ref Error on tag creation (#8936)
* Convert EOL to UNIX-style to render MD properly (#8925)
* Migrate temp_repo.go to use git.NewCommand (#8918)
* Fix issue with user.fullname (#8902)
* Add Close() method to gogitRepository (#8901)
* Enable punctuations ending mentions (#8889)
* Fix password complexity check on registration (#8887)
* Fix require external registration password (#8885)
* Fix edit content button on migrated issue content (#8877)
* Fix permission checks for close/reopen from commit (#8875)
* Fix API Bug (fail on empty assignees) (#8873)
* Stop using git count-objects and use raw directory size for repository (#8848)
* Fix count for commit graph last page (#8843)
* Fix to close opened io resources as soon as not needed (#8839)
* Improve notification (#8835)
* Fix new user form for non-local users (#8826)
* Fix: remove duplicated signed commit icons (#8820)
* Fix (open/closed) issue count when label excluded (#8815)
* Fix SSH2 conditional in key parsing code (#8806)
* Fix 500 when edit hook (#8782)
* On windows set core.longpaths true (#8776)
* Fix commit expand button to not go to commit link (#8745)
* Avoid re-issuing redundant cross-references. (#8734)
* Fix milestone close timestamp function (#8728)
* Move webhook codes from service to webhook notification (#8712)
* Show zero lines on the line counter if the file empty (#8700)
* Fix deadline on update issue or PR via API (#8696)
* make call createMilestoneComment on newIssue func (#8678)
* Send tag create and push webhook when release created on UI (#8671)
* Prevent chrome download page as html with alt + click (#8669)
* Fix 500 when getting user as unauthenticated user (#8653)
* Graceful fixes (#8645)
* Add SubURL to redirect path (#8632) (#8634)
* Fix extra columns from `label` table (#8633)
* Add SubURL to redirect path for transferred/renamed repos (#8632)
* Fix bug when migrate from API (#8631)
* Allow to merge if file path contains " or \ (#8629)
* Prevent removal of non-empty emoji panel following selection of duplicate (#8609)
* Ensure default gpg settings not nil and found commits have reference to repo (#8604)
* Set webhook Content-Type for application/x-www-form-urlencoded (#8599)
* Fix#8582 by handling empty repos (#8587)
* Fix of the diff statistics view on pull request's (#8581)
* Fix bug on pull requests when transfer head repository (#8564)
* Fix template error on account page (#8562)
* Allow externalID to be UUID (#8551)
* Fix ignored error on editorconfig api (#8550)
* Fix user avatar name (#8547)
* Ensure that GitRepo is set on Empty repositories (#8539)
* Add missed close in ServeBlobLFS (#8527)
* Fix migrate mirror 500 bug (#8526)
* Fix password complexity regex for special characters (on master) (#8525)
* ENHANCEMENTS
* Explicitly refer to PR in squash-merge commit message in case of external tracker (#9844) (#9855)
* Add a /user/login landing page option (#9622)
* Some more e-mail notification fixes (#9596)
* Add branch protection option to block merge on requested changes. (#9592)
* Add footer extra links template (#9576)
* Fix for a wrong URL in activity page of repository. (#9571)
* Update default issue template (#9568)
* Change markdown rendering from blackfriday to goldmark (#9533)
* Extend file create api with dates (#9464)
* Add ActionCommentPull action (#9456)
* Response for context on retry database connection (#9444)
* Refactor webhooks to reduce code duplication (#9422)
* update couchbase deps for new license (#9419)
* Add .ignore file for search tools (#9417)
* Remove unsued struct (#9405)
* Hide not allowed Reactions (#9387)
* Remove text from action-only webhooks (#9377)
* Move PushToBaseRepo from models to services/pull (#9352)
* Site admin could view org's members (#9346)
* Sleep longer if request speed is over github limitation (#9335)
* Refactor comment (#9330)
* Refactor code indexer (#9313)
* Remove SavePatch and generate patches on the fly (#9302)
* Move some pull request functions from models to services (#9266)
* Update JS dependencies (#9255)
* Show label list on label set (#9251)
* Redirect issue if repo has configured external tracker. (#9247)
* Allow kbd tags (#9245)
* Remove unused comment actions (#9222)
* Fixed errors logging in dump.go (#9218)
* Expose release counter to repo API response (#9214)
* Make consistent links to repository in the Slack/Mattermost notificiations (#9205)
* Expose pull request counter to repo API response (#9202)
* Extend TrackedTimes API (#9200)
* Extend StopWatch API (#9196)
* Move code indexer related code to a new package (#9191)
* Docker: ask s6 to stop all service when gitea stop (#9171)
* Variable expansion in repository templates (#9163)
* Add avatar and issue labels to template repositories (#9149)
* Show single review comments in the PR conversation tab (#9143)
* Extract createComment (#9125)
* Move PushUpdateOptions from models to repofiles (#9124)
* Alternate syntax for cross references (#9116)
* Add USE_SERVICE_WORKER setting (#9110)
* Only show part of members on orgnization dashboard and add paging for orgnization members page (#9092)
* Explore page: Add topic param to pagination (#9077) (#9078)
* Markdown: Sanitizier Configuration (#9075)
* Add password requirement info on error (#9074)
* Allow authors to use act keywords in PR content (#9059)
* Move modules/gzip to gitea.com/macaron/gzip (#9058)
* Branch protection: Possibility to not use whitelist but allow anyone with write access (#9055)
* Context menus for comments, add quote reply (#9043)
* Update branch API endpoint to show effective branch protection. (#9031)
* Move git graph from models to modules/graph (#9027)
* Move merge actions to notification (#9024)
* Move mirror sync actions to notification (#9022)
* Add retry for migration http/https requests (#9019)
* Rewrite delivery of issue and comment mails (#9009)
* Add review comments to mail notifications (#8996)
* Refactor pull request review (#8954)
* Githook highlighter (#8932)
* Add git hooks and webhooks to template repositories; move to services (#8926)
* Only view branch or tag if it match refType requested. (#8899)
* Drop Admin attribute based on LDAP when login (continue #1743) (#8849)
* Add additional periods to activity page (#8829)
* Update go-org to optimize code (#8824)
* Move some actions to notification/action (#8779)
* Webhook support custom proxy (#8760)
* Fix API deadline removal (#8759)
* Mark review comment as invalidated when file is deleted (#8751)
* Move pull list code to a separate file (#8748)
* Move webhook to a standalone package under modules (#8747)
* Multi repo select on issue page (#8741)
* apply exclude label on milestone issue list (#8739)
* Move issue notifications and assignee man (#8713)
* Move issue change content from models to service (#8711)
* Move issue change status from models to service (#8691)
* Move more issue assignee code from models to issue service (#8690)
* Create PR on Current Repository by Default (#8670)
* Improve Open Graph Protocol (#8637)
* Batch hook pre- and post-receive calls (#8602)
* Improve webhooks (#8583)
* Move transfer repository and rename repository on a service package and start action notification (#8573)
* Implement/Fix PR review webhooks (#8570)
* Rewrite markdown rendering to blackfriday v2 and rewrite orgmode rendering to go-org (#8560)
* Move some repositories' operations to a standalone service package (#8557)
* Allow more than 255 characters for tokens in external_login_user table (#8554)
* Move issue label operations to issue service package (#8553)
* Adjust error reporting from merge failures and use LC_ALL=C for git (#8548)
* Mail assignee when issue/pull request is assigned (#8546)
* Allow committing / adding empty files using the web ui (#8420) (#8532)
* Move sync mirror actions to mirror service package (#8518)
* Remove arrows on numeric inputs (#8516)
* Support inline rendering of CUSTOM_URL_SCHEMES (#8496)
* Recalculate repository access only for specific user (#8481)
* Add download button for rull request diff- and patch-file (#8470)
* Add single sign-on support via SSPI on Windows (#8463)
* Move change issue title from models to issue service package (#8456)
* Add included tag on branch view (#8449)
* Make static resouces web browser cache time customized on app.ini (#8442)
* Enable Uploading/Removing Attachments When Editing an Issue/Comment (#8426)
* Add pagination to commit graph page (#8360)
* Use templates for issue e-mail subject and body (#8329)
* Move clearlabels from models to issue service (#8326)
* Move AddTestPullRequestTask to pull service package from models (#8324)
* Team permission to create repository in organization (#8312)
* Allows external rendering of other filetypes (#8300)
* Add 'Alt + click' feature to exclude labels (#8199)
* Configurable close and reopen keywords for PRs (#8120)
* Configurable URL for static resources (#7911)
* Unifies commit list in repository commit table and wiki revision page (#7907)
* Allow cross-repository dependencies on issues (#7901)
* Auto-subscribe user to repository when they commit/tag to it (#7657)
* Restore Graceful Restarting & Socket Activation (#7274)
* wiki - add 'write' 'preview' buttons to wiki edit like in issues (#7241)
* Change target branch for pull request (#6488)
* Display PR commits and diffs using base repo rather than forked (#3648)
* TESTING
* Add debug option to serv to help debug problems (#9492)
* Fix the intermittent TestGPGGit failures (#9360)
* Testing: Update postgres sequences (#9304)
* Missed defer prepareTestEnv (#9285)
* Fix "data race" in testlogger (#9159)
* Yet another attempt to fix the intermittent failure of gpg git test (#9146)
* integrations: Fix Dropped Test Errors (#9040)
* services/mirror: fix dropped test errors (#9007)
* Fix intermittent GPG Git test failure (#8968)
* Update Github Migration Tests (#8893) (#8938)
* Update heatmap fixtures to restore tests (#8615)
* TRANSLATION
* Fix Korean locales (#9761) (#9780)
* Fix placeholders in the error message (#9060)
* Fix spelling of admin.users.max_repo_creation (#8934)
* Improve german translation of homepage (#8549)
* BUILD
* Fix webpack polyfills (#9735) (#9738)
* Update gitea.com/macaron to 1.4.0 (#9608)
* Upgrade lato fonts to v16. (#9498)
* Update alpine to 3.11 (#9440)
* Upgrade blevesearch (#9177)
* Remove built js/css files from git (#9114)
* Move semantic.dropdown.custom.js to webpack (#9064)
* Check compiled files during build (#9042)
* Enable lazy-loading of gitgraph.js (#9036)
* Pack web_src/js/draw.js to public/js/index.js (#8975)
* Modernize js and use babel (#8973)
* Move index.js to web_src and use webpack to pack them (#8598)
* Restrict modules/graceful to non-windows build and shim IsChild (#8537)
* Upgrade gopkg.in/editorconfig/editorconfig-core-go.v1 (#8501)
* DOCS
* Swagger info corrections (#9441) (#9558)
* Add ALLOW_ONLY_EXTERNAL_REGISTRATION to config cheat sheet (#8986)
* Rephrase comment about RuntimeDirectory option in systemd config (#8912)
* Explicitly indicate the socket unit to use the service unit "gitea.service" (#8804)
* Adjust the must-change-password help (#8755)
* Add notice to docs for migrating from more recent versions of Gogs (#8724)
* Add explicit info about customization of homepage (#8694)
* Change external asciidoctor tool to embedded mode (#8677)
* Add Docker fail2ban configuration (#8642)
* Correct some outdated statements in the contributing guidelines (#8612)
* Basic Design guidelines (describing different parts of the code) (#8601)
* Display Gitea logo in Readme (#8592)
* Fix building from source docs to ref AppWorkPath (#8567)
* Update the provided gitea.service to mention socket activation (#8531)
* Doc added how to setup email (#8520)
* MISC
* Backport Locales [2020-01-14] (#9773)
* Add translatable Powered by Gitea text in footer (#9600)
* Add contrib/environment-to-ini (#9519)
* Remove unnecessary loading of settings in update hook (#9496)
* Update gitignore list (#9437)
* Update license list (#9436)
* Fix background reactions in the arc-green theme (#9421)
* Update and fix chardet import (#9351)
* Ensure LF on checkouts and in editors (#9259)
* Fixed topics margin (#9248)
* Add comment to exported function WindowsServiceName (make revive) (#9241)
* Remove empty lines on issues/pulls page (#9232)
* Fix Add Comment Button's "+" Position (#9140)
* Add first issue comment hashtag (#9052)
* Change some label colors (#9051)
* Fix double scroll in branch dropdown (#9048)
* Add comment highlight when target from url (#9047)
* Update display of reactions to issues and comments (#9038)
* Button tooltip formatting under Branches (#9034)
* Allow setting default branch via API (#9030)
* Update dashboard context for PR reviews (#8995)
* Show repository size in repo home page and settings (#8940)
* Allow to add and remove all repositories to/from team. (#8867)
* Show due date in dashboard issues list (#8860)
* Theme arc-green: reverse heatmap colors (#8840)
* Project files table style update (#8757)
* gitignore debugging file from vscode (#8740)
* Add API for Issue set Subscription (#8729)
* Make 100% width search bar (#8710)
* Update color theme for heatmap (#8709)
* Add margin to title_wip_desc (#8705)
* Improve visibility of "Pending" indicator (#8685)
* Improve accessibility of dropdown menus (#8638)
* Make /users/{username}/repos list private repos the current user has access to (#8621)
* Prevent .code-view from overriding font on icon fonts (#8614)
* Add id references on all issue events to allow internal linking (#8608)
* Upgrade xorm to v0.8.0 (#8536)
* Upgrade gopkg.in/ini.v1 (#8500)
* Update CodeMirror to version 5.49.0 (#8381)
* Wiki editor: enable side-by-side button (#7242)
Summary:
Various fixes for memory leaks and invalid memory accesses
Various fixes for integer overflow with large images.
Various cmake fixes for build/install of python modules.
ImfMisc.h is no longer installed, since it's a private header.
3.6.4:
plateau
The main focus in this release was fix some of the more glaring problems creapt in from the last release due to that refactor.
uncompyle6 code is at a plateau where what is most needed is a code refactoring. In doing this, until everything refactored and replaced, decomplation may get worse.
Therefore, this release largely serves as a checkpoint before more major upheaval.
The upheaval, in started last release, I believe the pinnicle was around c90ff51 which wasn't a release. I suppose I should tag that.
After c90ff5, I started down the road of redoing control flow in a more comprehensible, debuggable, and scalable way. See The Control Flow Mess.
The bulk of the refactoring going on in the decompyle3 project, but I try to trickle down the changes.
It is tricky because the changes are large and I have to figure decompose things so that little testable pieces can be done. And there is also the problem that what is in decompyle3 is incomplete as well.
Other than control flow, another change that will probably happen in the next release is to redo the grammar for lambda expressions. Right now, we treat them as Python statements, you know, things with compound statements in them. But lambdas aren't that. And so there is hackery to paper over difference making a statement out of an expression the wrong thing to do. For example, a return of an "and" expression can be expressed as nested "if" statements with return inside them, but the "if" variant of the bytecode is not valid in a lambda.
In the decompyle3 code, I've gone down the road making the grammar goal symbol be an expression. This also offers the opportunity to split the grammar making parsing inside lambda not only more reliable because the wrong choices don't exist, but also simpler and faster because all those rules just need don't need to exist in parsing.
I cringe in thinking about how the code has lived for so long without noticing such a simple stupidity, and lapse of sufficient thought.
3.6.3:
Martin and Susanne
Of late, every release fixes major gaps and embarrassments of the last release....
And in some cases, like this one, exposes lacuna and rot.
I now have [control] flow under control, even if it isn't the most optimal way.
I now have greatly expanded automated testing.
On the most recent Python versions I regularly decompile thousands of Python programs that are distributed with Python. when it is possible, I then decompile Python's standard test suite distributed with Python and run the decompiled source code which basically checks itself. This amounts to about 250 test programs per version. This is in addition to the 3 CI testing services which do different things.
Does this mean the decompiler works perfectly? No. There are still a dozen or so failing programs, although the actual number of bugs is probably smaller though.
However, in perparation of a more major refactoring of the parser grammar, this release was born.
In many cases, decompilation is better. But there are some cases where decompilation has gotten worse. For lack of time (and interest) 3.0 bytecode suffered a hit. Possibly some code in the 3.x range did too. In time and with cleaner refactored code, this will come back.
Commit c90ff51 was a local maxiumum before, I started reworking the grammar to separate productions that were specific to loops versus those that are not in loops.
In the middle of that I added another grammar simplication to remove singleton productions of the form sstmts-> stmts. These were always was a bit ugly, and complicated output.
At any rate if decompilation fails, you can try c90ff51. Or another decompiler. unpyc37 is pretty good for 3.7. wibiti uncompyle2 is great for 2.7. pycdc is mediocre for Python before 3.5 or so, and not that good for the most recent Python. Generally these programs will give some sort of answer even if it isn't correct.
decompyle3 isn't that good for 3.7 and worse for 3.8, but right now it does things no other Python decompiler like unpyc37 or pycdc does. For example, decompyle3 handles variable annotations. As always, the issue trackers for the various programs will give you a sense for what needs to be done. For now, I've given up on reporting issues in the other decompilers because there are already enough issues reported, and they are just not getting fixed anyway.
PycURL 7.43.0.5:
This release fixes a build issue on recent Pythons on CentOS/RHEL distributions.
PycURL 7.43.0.4:
This release improves compatibility with Python 3.8 and removes support for Python 2 and Python 3.4. It also adds wolfSSL support and thread safety of the multi interface.
