Changes since b141:
Beta #142 - 18.03.2019
- XM loader: fixed a bug where XMs with stereo samples would display a
warning message box for every stereo sample loaded, instead of just one.
v0.12.2
Bug Fixes
* Fix circular references in SSL implementation to reduce
the need for GC.
* Fix a memory leak in call_later() and call_at().
The leak occurred when a callback argument had a reference to
the event loop.
* Fix compilation warnings.
* Round (instead of flooring) delay in call_later().
This ensures that the callback is never called slightly before
the specified time.
This module provides a number IP address validation subs that both validate
and untaint their input. This includes both basic validation (is_ipv4() and
is_ipv6()) and special cases like checking whether an address belongs to a
specific network or whether an address is public or private (reserved).
This release fixes a regression introduced in the 1.2.0 release that could
leave the mkfontdir script containing an unexpanded reference to ${exec_prefix}
as shown in https://gitlab.freedesktop.org/xorg/app/mkfontscale/issues/5 .
Alan Coopersmith (2):
Revert "Use autoconf instead of sed to substitute @bindir@ in mkfontdir.in"
mkfontscale 1.2.1
Upstream changes:
== Ruby-GNOME2 3.3.6: 2019-03-21
This is a follow-up release of 3.3.5.
=== Changes
==== Ruby/GIO2
* Improvements
* (({Gio::File#read})): Added support for block.
* (({Gio::File.open})): Added support for (({Pathname})).
* (({Gio::InputStream.open})): Added support for block.
==== Ruby/CairoGObject
* Fixes
* Fixed a bug that old cairo may be used.
==== Ruby/GObjectIntrospection
* Fixes
* Fixed a bug that 64bit integer conversion may be failed for
large integer.
* Fixed typos.
Python 3.4.10 final
Security
bpo-36216: Changes urlsplit() to raise ValueError when the URL contains characters that decompose under IDNA encoding (NFKC-normalization) into characters that affect how the URL is parsed.
bpo-35121: Don’t send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with http.cookiejar.DefaultCookiePolicy policy.
Library
bpo-35121: Don’t set cookie for a request when the request path is a prefix match of the cookie’s path attribute but doesn’t end with “/”.
Python 3.4.10 release candidate 1
Security
bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758).
bpo-34791: The xml.sax and xml.dom.domreg no longer use environment variables to override parser implementations when sys.flags.ignore_environment is set by -E or -I arguments.
bpo-34623: CVE-2018-14647: The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat’s default CSPRNG.
Library
bpo-33329: Fix multiprocessing regression on newer glibcs
Python 3.5.7 final
Security
bpo-36216: Changes urlsplit() to raise ValueError when the URL contains characters that decompose under IDNA encoding (NFKC-normalization) into characters that affect how the URL is parsed.
bpo-35121: Don’t send cookies of domain A without Domain attribute to domain B when domain A is a suffix match of domain B while using a cookiejar with http.cookiejar.DefaultCookiePolicy policy.
Library
bpo-35121: Don’t set cookie for a request when the request path is a prefix match of the cookie’s path attribute but doesn’t end with “/”.
Python 3.5.7 release candidate 1
Security
bpo-35746: [CVE-2019-5010] Fix a NULL pointer deref in ssl module. The cert parser did not handle CRL distribution points with empty DP or URI correctly. A malicious or buggy certificate can result into segfault. Vulnerability (TALOS-2018-0758).
bpo-34791: The xml.sax and xml.dom.domreg no longer use environment variables to override parser implementations when sys.flags.ignore_environment is set by -E or -I arguments.
bpo-34623: CVE-2018-14647: The C accelerated _elementtree module now initializes hash randomization salt from _Py_HashSecret instead of libexpat’s default CSPRNG.
Library
bpo-33329: Fix multiprocessing regression on newer glibcs
bpo-33127: The ssl module now compiles with LibreSSL 2.7.1.
Release Notes for Samba 4.10.0
This is the first stable release of the Samba 4.10 release series.
Please read the release notes carefully before upgrading.
NEW FEATURES/CHANGES
====================
GPO Improvements
----------------
A new 'samba-tool gpo backup' command has been added that can export a
set of Group Policy Objects from a domain in a generalised XML format.
A corresponding 'samba-tool gpo restore' command has been added to
rebuild the Group Policy Objects from the XML after generalization.
(The administrator needs to correct the values of XML entities between
the backup and restore to account for the change in domain).
KDC prefork
-----------
The KDC now supports the pre-fork process model and worker processes will be
forked for the KDC when the pre-fork process model is selected for samba.
Prefork 'prefork children'
--------------------------
The default value for this smdb.conf parameter has been increased from 1 to
4.
Netlogon prefork
----------------
DCERPC now supports pre-forked NETLOGON processes. The netlogon processes are
pre-forked when the prefork process model is selected for samba.
Offline domain backups
----------------------
The 'samba-tool domain backup' command has been extended with a new 'offline'
option. This safely creates a backup of the local DC's database directly from
disk. The main benefits of an offline backup are it's quicker, it stores more
database details (for forensic purposes), and the samba process does not have
to be running when the backup is made. Refer to the samba-tool help for more
details on using this command.
Group membership statistics
---------------------------
A new 'samba-tool group stats' command has been added. This provides summary
information about how the users are spread across groups in your domain.
The 'samba-tool group list --verbose' command has also been updated to include
the number of users in each group.
Paged results LDAP control
--------------------------
The behaviour of the paged results control (1.2.840.113556.1.4.319, RFC2696)
has been changed to more closely match Windows servers, to improve memory
usage. Paged results may be used internally (or is requested by the user) by
LDAP libraries or tools that deal with large result sizes, for example, when
listing all the objects in the database.
Previously, results were returned as a snapshot of the database but now,
some changes made to the set of results while paging may be reflected in the
responses. If strict inter-record consistency is required in answers (which is
not possible on Windows with large result sets), consider avoiding the paged
results control or alternatively, it might be possible to enforce restrictions
using the LDAP filter expression.
For further details see https://wiki.samba.org/index.php/Paged_Results
Prefork process restart
-----------------------
The pre-fork process model now restarts failed processes. The delay between
restart attempts is controlled by the "prefork backoff increment" (default = 10)
and "prefork maximum backoff" (default = 120) smbd.conf parameters. A linear
back off strategy is used with "prefork backoff increment" added to the
delay between restart attempts up until it reaches "prefork maximum backoff".
Using the default sequence the restart delays (in seconds) are:
0, 10, 20, ..., 120, 120, ...
Standard process model
----------------------
When using the standard process model samba forks a new process to handle ldap
and netlogon connections. Samba now honours the 'max smbd processes' smb.conf
parameter. The default value of 0, indicates there is no limit. The limit
is applied individually to netlogon and ldap. When the process limit is
exceeded Samba drops new connections immediately.
python3 support
---------------
This is the first release of Samba which has full support for Python 3.
Samba 4.10 still has support for Python 2, however, Python 3 will be used by
default, i.e. 'configure' & 'make' will execute using python3.
To build Samba with python2 you *must* set the 'PYTHON' environment variable
for both the 'configure' and 'make' steps, i.e.
'PYTHON=python2 ./configure'
'PYTHON=python2 make'
This will override the python3 default.
Alternatively, it is possible to produce Samba Python bindings for both
Python 2 and Python 3. To do so, specify '--extra-python=/usr/bin/python2'
as part of the 'configure' command. Note that python3 will still be used as
the default in this case.
Note that Samba 4.10 supports Python 3.4 onwards.
Future Python support
---------------------
Samba 4.10 will be the last release that comes with full support for
Python 2. Unfortunately, the Samba Team doesn't have the resources to support
both Python 2 and Python 3 long-term.
Samba 4.11 will not have any runtime support for Python 2. This means if
you use Python 2 bindings it is time to migrate to Python 3 now.
If you are building Samba using the '--disable-python' option (i.e. you're
excluding all the run-time Python support), then this will continue to work
on a system that supports either python2 or python3.
Also note that Samba 4.11 will most likely only support Python 3.6 onwards.
JSON logging
------------
Authentication messages now contain the Windows Event Id "eventId" and logon
type "logonType". The supported event codes and logon types are:
Event codes:
4624 Successful logon
4625 Unsuccessful logon
Logon Types:
2 Interactive
3 Network
8 NetworkCleartext
The version number for Authentication messages is now 1.1, changed from 1.0
Password change messages now contain the Windows Event Id "eventId", the
supported event Id's are:
4723 Password changed
4724 Password reset
The version number for PasswordChange messages is now 1.1, changed from 1.0
Group membership change messages now contain the Windows Event Id "eventId",
the supported event Id's are:
4728 A member was added to a security enabled global group
4729 A member was removed from a security enabled global group
4732 A member was added to a security enabled local group
4733 A member was removed from a security enabled local group
4746 A member was added to a security disabled local group
4747 A member was removed from a security disabled local group
4751 A member was added to a security disabled global group
4752 A member was removed from a security disabled global group
4756 A member was added to a security enabled universal group
4757 A member was removed from a security enabled universal group
4761 A member was added to a security disabled universal group
4762 A member was removed from a security disabled universal group
The version number for GroupChange messages is now 1.1, changed from 1.0. Also
A GroupChange message is generated when a new user is created to log that the
user has been added to their primary group.
The leading "JSON <message type>:" and source file prefix of the JSON formatted
log entries has been removed to make the parsing of the JSON log messages
easier. JSON log entries now start with 2 spaces followed by an opening brace
i.e. " {"
SMBv2 samba-tool support
------------------------
On previous releases, some samba-tool commands would not work against a remote
DC that had SMBv1 disabled. SMBv2 support has now been added for samba-tool.
The affected commands are 'samba-tool domain backup|rename' and the
'samba-tool gpo' set of commands.
New glusterfs_fuse VFS module
-----------------------------
The new vfs_glusterfs_fuse module improves performance when Samba
accesses a glusterfs volume mounted via FUSE (Filesystem in Userspace
as part of the Linux kernel). It achieves that by leveraging a
mechanism to retrieve the appropriate case of filenames by querying a
specific extended attribute in the filesystem. No extra configuration
is required to use this module, only glusterfs_fuse needs to be set in
the "vfs objects" parameter. Further details can be found in the
vfs_glusterfs_fuse(8) manpage. This new vfs_glusterfs_fuse module does
not replace the existing vfs_glusterfs module, it just provides an
additional, alternative mechanism to access a Gluster volume.
REMOVED FEATURES
================
MIT Kerberos build of the AD DC
-------------------------------
While not removed, the MIT Kerberos build of the Samba AD DC is still
considered experimental. Because Samba will not issue security
patches for this configuration, such builds now require the explicit
configure option: --with-experimental-mit-ad-dc
For further details see
https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC
samba_backup
------------
The samba_backup script has been removed. This has now been replaced by the
'samba-tool domain backup offline' command.
SMB client Python bindings
--------------------------
The SMB client python bindings are now deprecated and will be removed in future
Samba releases. This will only affects users that may have used the Samba
Python bindings to write their own utilities, i.e. users with a custom Python
script that includes the line 'from samba import smb'.
ldb is a LDAP-like embedded database. It is not at all LDAP standards
compliant, so if you want a standards compliant database then please see the
excellent OpenLDAP project.
What ldb does is provide a fast database with an LDAP-like API designed to be
used within an application. In some ways it can be seen as a intermediate
solution between key-value pair databases and a real LDAP database.
ldb is the database engine used in Samba4.
Features:
* The main features that separate ldb from other solutions are:
* Safe multi-reader, multi-writer, using byte range locking
* LDAP-like API
* fast operation
* choice of local tdb or remote LDAP backends
* integration with talloc
* schema-less operation, for trivial setup
* modules for extensions (such as schema support)
* easy setup of indexes and attribute properties
* LDIF for import/export
* ldbedit tool for database (via LDIF) editing (reminiscent of 'vipw')
From maintainer in private mail.
- Remove quotation marks around XLFD font names
- Remove strain pixels on the inner upper part of parentheses (16x32 version)
- Harmonize the 'v' and 'V' characters across all sizes
- Remove artefacts from the 'c' in the copyright sign (8x16, 12x24, 16x32, and
32x64 versions)
- Make the upper left corner of the 'R' sharp in the registered sign (16x32,
and 32x64 versions)
- Provide generated fonts in PCF, PSF, and .dfont formats
Changes since previous version (2.2.0):
pkgsrc: use the included Makefile.cmdline to build duktape, rather
than custom command in pkgsrc Makefile. Don't assume ${CC} is gcc
while doing so
XXX - it looks like the ABI has changed (silently) from 2.2.0 without
a corresponding libtool version bump from upstream. caveat buildor
2.3.0 (2018-08-04)
+ When C++ exception support is enabled use a separate
duk_fatal_exception (inherits from std::runtime_error) to propagate
fatal errors (uncaught errors, assertions) out of Duktape when using
the default fatal error handler (GH-1915)
+ Update UnicodeData.txt and SpecialCasing.txt used for building
internal Unicode control data to Unicode version 10.0.0 (GH-1851)
+ Add support for Symbol.hasInstance (@@hasInstance) check for
'instanceof' operator and duk_instanceof() API call; also add
Symbol.hasInstance and Function.prototype[@@hasInstance] (GH-1821)
+ Add support for Symbol.toStringTag (@@toStringTag) in
Object.prototype.toString() (GH-1822)
+ Add support for Symbol.isConcatSpreadable (@@isConcatSpreadable) in
Array.prototype.concat() (GH-1823)
+ Add support for Symbol.toPrimitive (@@toPrimitive) in ToPrimitive()
internal algorithm and duk_to_primitive() API call (GH-1825)
+ Invoke Proxy 'has' trap in Array.prototype.concat() when inspecting
the elements of the Proxy target (GH-1823)
+ Remove DUK_USE_NONSTD_ARRAY_CONCAT_TRAILER because the underlying
ES5.1 specification "bug" was fixed in ES2015 (GH-1823)
+ Remove DUK_USE_NONSTD_ARRAY_MAP_TRAILER because ES5.0/ES5.1 behavior
actually did match the "non-standard" behavior provided by the option
(GH-1823)
+ Add duk_random() to allow C code access to the same random number
source as ECMAScript code (GH-1815)
+ Add duk_push_new_target() to allow C code to access new.target; at
present this is for completeness because without actual class support
it's only useful to detect constructor calls which can already be done
using duk_is_constructor_call() (GH-1745)
+ Add experimental API call variants for plain C literals, for example
duk_push_literal(ctx, "key") and duk_get_prop_literal(ctx,
"propname"), which allow e.g. better performance; calls added:
duk_push_literal(), duk_get_prop_literal(), duk_put_prop_literal(),
duk_has_prop_literal(), duk_del_prop_literal(),
duk_get_global_literal(), duk_put_global_literal() (GH-1805)
+ Add duk_get_global_heapptr() and duk_put_global_heapptr() for
completeness (GH-1805)
+ Automatically pin strings accessed using the C literal API call
variants such as duk_get_prop_literal(ctx, "propname") between
mark-and-sweep rounds to facilitate literal caching and to reduce
string table traffic; this behavior can be disabled by disabling
DUK_USE_LITCACHE_SIZE in configure.py (GH-1813)
+ Add a lookup cache for C literals to speed up string table lookups
when using API call variants such as duk_get_prop_literal(ctx,
"propname"); the cache relies on literals being pinned between
mark-and-sweep rounds, and can be disabled by disabling
DUK_USE_LITCACHE_SIZE in configure.py (GH-1813)
+ ES2015 Number constructor properties: EPSILON, MIN_SAFE_INTEGER,
MAX_SAFE_INTEGER, isFinite(), isInteger(), isNaN(), isSafeInteger(),
parseInt(), parseFloat() (GH-1756, GH-1761)
+ Assume only natural alignment (DUK_USE_ALIGN_BY=8) on all platforms
to minimize compiler assumptions regarding unaligned accesses (which
can be an issue even on x86); applications working with a low memory
target may want to force DUK_USE_ALIGN_BY in configuration (GH-1783,
GH-1784)
+ Base64 decoder is now more lenient for padding: accepts missing
padding ('Zm'), partial padding ('Zm='), standard padding ('Zm=='),
and extra padding ('Zm===' etc), also for concatenated documents
('Zm===Zm' decodes to 'ff' for example) (GH-1789)
+ Base64 encoder and decoder performance improvements for both fast
path and slow path variants (GH-1789)
+ Make base64 support optional and drop it from lowmem base
configuration; define DUK_USE_BASE64_SUPPORT to enable it (GH-1789)
+ Make hex support optional and drop it from lowmem base
configuration; define DUK_USE_BASE64_SUPPORT to enable it (GH-1789)
+ Add C++ name mangling wrappers (extern "C") for extras (GH-1780,
GH-1782)
+ Add a duk_uint64_t to duk_hbuffer_fixed forced alignment union trick
just in case double and uint64_t alignment requirements differ
(GH-1799)
+ Add a CBOR encoder/decoder as an extra (GH-1781, GH-1800, GH-1801)
+ Add a minimal ES2015 Promise polyfill into the distribution
(GH-1865)
+ Include <exception> only when compiling as C++ with C++ exception
support enabled (GH-1838, GH-1839)
+ Allow undefined timeout in eventloop example setTimeout() and
setInterval() bindings, minor cleanups and improvements (GH-1866,
GH-1879, GH-1884)
+ Revise Number.prototype.toFixed() 'this' binding and fractionDigits
argument validation order to match ES2015 where the 'this' binding is
validated first (GH-1887)
+ Add Makefile.jsoncbor to the distributable (GH-1885)
+ Makefile.sharedlibrary portability improvements (GH-1922, GH-1923)
+ Change spelling from ECMAScript to ECMAScript throughout the
internal source code; as far as external behavior is concerned this
only affects a few debug prints (GH-1894)
+ Fix NULL pointer dereference in error augmentation when
DUK_USE_TRACEBACKS was disabled (GH-1909)
+ Fix potential dangling pointer use in Duktape thread termination
handling; the dangling pointer could cause unsafe memory behavior
(GH-1845, GH-1868)
+ Fix performance.now() property attributes to 'wec' (earlier 'wc')
(GH-1821)
+ Fix debugger StepOver behavior when a tailcall happens in a nested
function (not the function where stepping started from) (GH-1786,
GH-1787)
+ Fix trailing single line comment handling for Function constructor;
new Function('return "foo" //') previously failed with SyntaxError
(GH-1757)
+ Fix some lexer bugs related to parsing in RegExp mode (interpret
leading '/' as part of a RegExp) or not (interpret '/' as division)
(GH-1779)
+ Fix DUK_BOOL_{MIN,MAX} defines for unsigned duk_bool_t (GH-1769)
+ Fix 'defined but not used' warning for Windows (GH-1775)
+ Fix potential uninitialized data use when Windows Date provider
FileTimeToSystemTime() or FileTimeToLocalFileTime() failed (GH-1953)
+ Fix some Clang warnings by avoiding undefined behavior by default,
define DUK_USE_ALLOW_UNDEFINED_BEHAVIOR to reduce the explicit
undefined behavior checks for better footprint/performance (GH-1777,
GH-1795, GH-1796, GH-1797, GH-1798)
+ Fix some compilation warnings triggered when DUK_NORETURN is not
defined; the internal DUK_WO_NORETURN() is used to include unreachable
dummy statements when the noreturn attribute is not available, e.g.
DUK_WO_NORETURN(return 0;); (GH-1790)
+ Fix a few casts in duk_trans_socket_windows.c to avoid errors in a
C++ build (GH-1773)
+ Fix harmless -Wcast-align warnings on armhf (GH-1793)
+ Various compiler warning fixes (GH-1788, GH-1932, GH-1924, GH-1950,
GH-1951, etc)
+ Add automatic workaround for union aliasing issues with FreeBSD +
-m32 + Clang prior to 5.0; the aliasing issues cause packed duk_tval
to work incorrectly (see
https://github.com/svaarala/duktape/blob/master/misc/clang_aliasing.c),
and the workaround is to use unpacked duk_tval prior to Clang 5.0
(GH-1764)
2.2.1 (2018-04-26)
+ Fix trailing single line comment handling for Function constructor;
new Function('return "foo" //') previously failed with SyntaxError
(GH-1757)
+ Fix DUK_BOOL_{MIN,MAX} defines for unsigned duk_bool_t (GH-1769)
+ Fix debugger StepOver behavior when a tailcall happens in a nested
function (not the function where stepping started from) (GH-1786,
GH-1787)
+ Fix potential dangling pointer use in Duktape thread termination
handling; the dangling pointer could cause unsafe memory behavior
(GH-1845, GH-1868)
Changes from 3.5.0 to 3.5.1
- Maintenance release to fix how PyPi repo is handling wheel versions.
Changes from 3.4.4 to 3.5.0
Improvements
- When copying data from native HDF5 files with padding in compound types,
the padding is not removed now by default. This allows for better
compatibility with existing HDF5 applications that expect the padding
to stay there.
Also, when the description is a NumPy struct array with padding, this
is honored now. The previous behaviour (i.e. getting rid of paddings) can
be replicated by passing the new allow_padding parameter when opening
a file. For some examples, see the new examples/tables-with-padding.py
and examples/attrs-with-padding.py.
- Added a new flag --dont-allow-padding in ptrepack utility so as to
replicate the previous behaviour of removing padding during file copies.
The default is to honor the original padding in copies.
- Improve compatibility with numpy 1.16.
- Improve detection of the LZO2 library at build time.
- Suppress several warnings.
- Add AVX2 support for Windows.
version 0.8.7 (released 2019-02-25)
* Fixed handling extension flags in the server implementation
* Fixed exporting ed25519 private keys
* Fixed corner cases for rsa-sha2 signatures
* Fixed some issues with connector
It was not accepted upstream; use "$@" in the script section to ship args.
We'll see if a documentation improvement can be suggested instead.
Bump PKGREVISION.
