Fix all dependencies. This time, there is an actual working gsutil binary.
Thus, fix PR pkg/52941.
Release 4.31 (release date: 2018-04-26)
=======================================
New features
------------------
- Added support for reauthentication within gsutil. Note that this only affects
authentication when "gs_oauth2_refresh_token" is configured under the
"Credentials" section of the boto config file and that token corresponds to a
user account enrolled in 2-step verification.
Bug Fixes
------------------
- When creating a signed URL via the "signurl" command, gsutil now verifies that
the specified expiration isn't longer than 7 days (the maximum allowed by the
service).
- To support rewriting objects to be encrypted using a bucket's default KMS key,
the "rewrite" command now rewrites all specified objects if no value is
specified for "encryption_key" under the "GSUtil" section in the boto config
file.
Other Changes
------------------
- Several documentation updates and clarifications.
Release 4.30 (release date: 2018-03-28)
=======================================
New features
------------------
- Added Cloud KMS support for Google Cloud Storage resources, allowing the use
of customer-managed encryption keys (CMEKs). Bucket-related functionality
includes the new "kms" command, which can be used to get or set a bucket's
default KMS key. Concerning objects, users may now specify the CMEK to be used
for encryption via their boto config file, in the "encryption_key" attribute.
In this way, users may specify either a CSEK or a CMEK to encrypt new objects,
but not both. For more information, see "gsutil help encryption".
Other Changes
------------------
- Several documentation updates and clarifications.
Release 4.29 (release date: 2018-03-14)
=======================================
New features
------------------
- Added transport compression support, available through the "-j" and "-J"
options for the "cp", "mv", and "rsync" commands. This is useful when
uploading files with highly-compressible content. When specificed, files being
uploaded are compressed on-the-fly in memory, sent to GCS, and uncompressed by
GCS before they are stored. See "gsutil help cp" for additional information.
- When "use_magicfile=True" is set in the boto config file, gsutil will now
append the detected charset, if present, to the object's Content-Type metadata
field. For example, a Content-Type might be populated with
"text/html; charset=us-ascii" rather than simply "text/html".
Bug Fixes
------------------
- Improved error handling and logging for upload resumption.
- After encountering a PreconditionException, the "acl ch" command will now
re-fetch the object generation before retrying.
- Fixed issue with parsing lifecycle conditions when using the XML API.
Conditions whose values could be evaluated by Python as "falsy" (e.g. setting
an "age" condition to the number 0 or "isLive" to false) would be omitted from
the lifecycle configuration when "prefer_api=xml" was set in the boto config
file. Note that the JSON API is preferred by default, so most users were
unlikely to encounter this issue.
- For commands that fetch bucket ACLs or default ACLs, when the user does not
have storage.buckets.getIamPolicy on the GCS bucket, using the XML API will
now behave consistently with the JSON API and display ACL/default ACL fields
as empty, rather than throwing a CommandException.
Other Changes
------------------
- Several documentation updates and clarifications.
- The "signurl" command now uses signature V4 signing format to generate URLs.
2.19.1:
Bugfixes
- Fixed issue where status_codes.py's init function failed trying to append to
a __doc__ value of None.
2.19.0:
Improvements
- Warn user about possible slowdown when using cryptography version < 1.3.4
- Check for invalid host in proxy URL, before forwarding request to adapter.
- Fragments are now properly maintained across redirects. (RFC7231 7.1.2)
- Removed use of cgi module to expedite library load time.
- Added support for SHA-256 and SHA-512 digest auth algorithms.
- Minor performance improvement to Request.content.
- Migrate to using collections.abc for 3.7 compatibility.
Bugfixes
- Parsing empty Link headers with parse_header_links() no longer return one bogus entry.
- Fixed issue where loading the default certificate bundle from a zip archive
would raise an IOError.
- Fixed issue with unexpected ImportError on windows system which do not support winreg module.
- DNS resolution in proxy bypass no longer includes the username and password in
the request. This also fixes the issue of DNS queries failing on macOS.
- Properly normalize adapter prefixes for url comparison.
- Passing None as a file pointer to the files param no longer raises an exception.
- Calling copy on a RequestsCookieJar will now preserve the cookie policy correctly.
2.0.2:
Fixed the weeks property for negative Period instances.
Fixed start_of() methods not setting microseconds to 0.
Fixed errors on some systems when retrieving timezone from clock files.
Fixed parsing of partial time.
Fixed parsing not raising an error for week 53 for ordinary years.
Fixed string formatting not supporting strftime format.
2.0.1:
Fixed behavior of the YY token in from_format().
Fixed errors on some systems when retrieving timezone from clock files.
4.3.0:
Extended the decorator family facility to work with positional arguments and updated the documentation. Removed decorator.getargspec and provided decorator.getfullargspec instead. This is convenient for users of Python 2.6/2.7, the others can just use inspect.getfullargspec.
1.23:
* Allow providing a list of headers to strip from requests when redirecting
to a different host. Defaults to the Authorization header. Different
headers can be set via Retry.remove_headers_on_redirect.
* Fix util.selectors._fileobj_to_fd to accept long
* Dropped Python 3.3 support.
* Put the connection back in the pool when calling stream() or read_chunked() on
a chunked HEAD response.
* Fixed pyOpenSSL-specific ssl client authentication issue when clients
attempted to auth via certificate + chain
* Add the port to the connectionpool connect print
* Don't use the uuid module to create multipart data boundaries.
* read_chunked() on a closed response returns no chunks.
* Add Python 2.6 support to contrib.securetransport
* Added support for auth info in url for SOCKS proxy
3.59.0:
This release adds the :func:~hypothesis.strategies.emails strategy, which generates unicode strings representing an email address.
3.58.1:
This improves the shrinker. It can now reorder examples: 3 1 2 becomes 1 2 3.
3.58.0:
This adds a new extra :py:func:~hypothesis.extra.dateutil.timezones strategy that generates dateutil timezones.
Depends on :pypi:python-dateutil.
3.3.0:
Features
Added new fixtures django_mail_dnsname and django_mail_patch_dns, used by mailoutbox to monkeypatch the DNS_NAME used in django.core.mail to improve performance and reproducibility.
Bug fixes
Fixed test for classmethod with Django TestCases
Fixed RemovedInPytest4Warning: MarkInfo objects are deprecated
Fixed scope of overridden settings with live_server fixture: previously they were visible to following tests
version 4.0.1:
- avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
- avcodec/dirac_dwt_template: Fix undefined behavior in interleave()
- avutil/common: Fix undefined behavior in av_clip_uintp2_c()
- fftools/ffmpeg: Fallback to duration if sample rate is unavailable
- avformat/mov: Only set pkt->duration to non negative values
- avcodec/mpeg4videodec: Clear bits_per_raw_sample if it has originated from a previous instance
- avformat/movenc: fix recognization of cover image streams
- avformat/movenc: properly handle cover image codecs
- avcodec/h264_slice: Fix overflow in recovery_frame computation
- avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in h264_sei
- avcodec/h264_mc_template: Only prefetch motion if the list is used.
- avcodec/xwddec: Use ff_set_dimensions()
- avcodec/wavpack: Fix overflow in adding tail
- avcodec/shorten: Fix multiple integer overflows
- avcodec/shorten: Fix undefined shift in fix_bitshift()
- avcodec/shorten: Fix a negative left shift in shorten_decode_frame()
- avcodec/shorten: Sanity check nmeans
- avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
- avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
- avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
- avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
- avcodec/amrwbdec: Fix division by 0 in find_hb_gain()
- avcodec/h263dec: Reinitialize idct context if it has not been setup for the active profile
- avcodec/idctdsp: Clear idct/idct_add for studio profile
- avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
- avformat/bintext: Reduce detection for random .bin files as it more likely is not a multimedia related file
- avformat/mov: Break out early if chunk_count is 0 in mov_build_index()
- avcodec/fic: Avoid some magic numbers related to cursors
- avcodec/mpeg4video: Detect reference studio streams as studio streams
- avcodec/mpeg4videodec: Do not corrupt bits_per_raw_sample
- avcodec/mpeg4videode: Eliminate out of loop VOP startcode reading for studio profile
- avcodec/g2meet: ask for sample with overflowing RGB
- avcodec/idctdsp: Transmit studio_profile to init instead of using AVCodecContext profile
- avcodec/ac3dec: Check that the number of channels with dependant streams is valid
- avcodec/ac3dec: Fix null pointer dereference in ac3_decode_frame()
- avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed()
- oavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior
- avcodec/g723_1dec: Clip bits2 in both directions
- avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()
- avcodec/mlpdec: Only change noise_type if the related fields are valid
- indeo4: Decode all or nothing of a band header.
- avcodec/ac3dec: Use frame_size if superframe_size is 0
- avformat/mov: Only fail for STCO/STSC contradictions if both exist
- avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0
- avcodec/fic: Check available input space for cursor
- avcodec/mpeg4videodec: Check bps (VOL header) before VOP for studio profile
- avcodec/g2meet: Check RGB upper limit
- avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case
- avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done
- avcodec/g2meet: Change order of operations to avoid undefined behavior
- avcodec/flac_parser: Fix infinite loop
- avcodec/mpeg4videodec: Split decode_studio_vol_header() out of decode_studiovisualobject()
- avcodec/mpeg4videodec: Move decode_studiovisualobject() parsing in the branch for visual object parsing
- avcodec/mpeg4video_parser: Avoid litteral 0x1B6, use named constant instead
- avcodec/mpeg4video_parser: Fix incorrect spliting of MPEG-4 studio frames
- avformat/m4vdec: Use the same constant names as libavcodec
- avformat/m4vdec: Fix detection of raw MPEG-4 ES Studio
- avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()
- avcodec/wavpack: Fix integer overflow in wv_unpack_stereo()
- avcodec/error_resilience: Fix integer overflow in filter181()
- avcodec/h263dec: Check slice_ret in mspeg4 slice loop
- avcodec/elsdec: Fix memleaks
- avcodec/vc1_block: simplify ac_val computation
- avcodec/ffv1enc: Check that the crc + version combination is supported
- configure: The eac3_core bitstream filter needs the ac3 parser.
- configure: fix arm inline asm checks
- lavf/libssh: translate a read of 0 to EOF
- ffprobe: fix SEGV when new streams are added
- avformat/mpegts: fix incorrect indentation
- avformat/mpegts: initialize section_buf to fix valgrind test failure
- avformat/mpegts: reindent after last change
- avformat/mpegts: parse sections with multiple tables
- avformat/mpegts: clean up whitespace
- avformat/mpegts: use MAX_SECTION_SIZE instead of hardcoded value
- avformat/mpegts: skip non-PMT tids earlier
- avcodec/mediacodecdec: add workaround for buggy amlogic mpeg2 decoder
- avcodec/mediacodecdec: wait on first frame after input buffers are full
- avcodec/mediacodecdec: restructure mediacodec_receive_frame
- avcodec/mediacodec_wrapper: add helper to fetch SDK_INT
- avcodec/mediacodecdec: refactor pts handling
- avcodec/mediacodecdec: use AV_TIME_BASE_Q
- avcodec/mediacodecdec: clarify delay_flush specific code
- avcodec/videotoolbox: fix decoding of some HEVC videos
- avcodec/hevc: remove videotoolbox hack
- avcodec/videotoolbox: split h264/hevc callbacks
- avcodec/videotoolbox: cleanups
- avcodec/videotoolbox: fix kVTCouldNotFindVideoDecoderErr trying to decode HEVC on iOS
- avcodec/videotoolbox: improve logging of decoder errors
- avcodec/xwddec: fix palette alpha
- avformat/webm_chunk: always use a static buffer for get_chunk_filename
- configure: fix configure check for lilv-0
- avcodec/nvdec_hevc: fix scaling lists
- avcodec/hevcdec: make ff_hevc_frame_nb_refs take a const pointer
- lavf/bluray: translate a read of 0 to EOF
- lavf/dashenc: don't call flush_init_segment before avformat_write_header
- avdevice/decklink_dec: unref packets on avpacket_queue_put error
- avcodec/hnm4video: fix palette alpha
- avcodec/anm: fix palette alpha
- avformat/qtpalette: parse color table according to the QuickTime file format specs
- ffplay: Fix realloc_texture when input texture is NULL.
- hwcontext_vaapi: Fix compilation with libva versions < 1.4.0
- lavf/qsv: clone the frame which may be managed by framework
- lavf: make overlay_qsv work based on framesync
- avformat/segafilm - revert keyframe detection
- avformat/utils: refactor upstream_stream_timings
- avformat/utils: ignore outlier durations on subtitle/data streams as well
The package provides means of loading maths alphabets (such as
are normally addressed via macros \mathcal, \mathbb, \mathfrak
and \mathscr), offering various features normally missing in
existing packages for this job.
Major changes in 1.16.1 (2018-05-03)
This is a bug fix release.
Fix flaws in LDAP DN checking, including a null dereference KDC crash which could be triggered by kadmin clients with administrative privileges [CVE-2018-5729, CVE-2018-5730].
Fix a KDC PKINIT memory leak.
Fix a small KDC memory leak on transited or authdata errors when processing TGS requests.
Fix a regression in pkinit_cert_match matching of client certificates containing Microsoft UPN SANs.
Fix a null dereference when the KDC sends a large TGS reply.
Fix "kdestroy -A" with the KCM credential cache type.
Allow validation of Microsoft PACs containing enterprise names.
Fix the handling of capaths "." values.
Fix handling of repeated subsection specifications in profile files (such as when multiple included files specify relations in the same subsection).
Major changes in 1.16 (2017-12-05)
Administrator experience:
The KDC can match PKINIT client certificates against the "pkinit_cert_match" string attribute on the client principal entry, using the same syntax as the existing "pkinit_cert_match" profile option.
The ktutil addent command supports the "-k 0" option to ignore the key version, and the "-s" option to use a non-default salt string.
kpropd supports a --pid-file option to write a pid file at startup, when it is run in standalone mode.
The "encrypted_challenge_indicator" realm option can be used to attach an authentication indicator to tickets obtained using FAST encrypted challenge pre-authentication.
Localization support can be disabled at build time with the --disable-nls configure option.
Developer experience:
The kdcpolicy pluggable interface allows modules control whether tickets are issued by the KDC.
The kadm5_auth pluggable interface allows modules to control whether kadmind grants access to a kadmin request.
The certauth pluggable interface allows modules to control which PKINIT client certificates can authenticate to which client principals.
KDB modules can use the client and KDC interface IP addresses to determine whether to allow an AS request.
GSS applications can query the bit strength of a krb5 GSS context using the GSS_C_SEC_CONTEXT_SASL_SSF OID with gss_inquire_sec_context_by_oid().
GSS applications can query the impersonator name of a krb5 GSS credential using the GSS_KRB5_GET_CRED_IMPERSONATOR OID with gss_inquire_cred_by_oid().
kdcpreauth modules can query the KDC for the canonicalized requested client principal name, or match a principal name against the requested client principal name with canonicalization.
Protocol evolution:
The client library will continue to try pre-authentication mechanisms after most failure conditions.
The KDC will issue trivially renewable tickets (where the renewable lifetime is equal to or less than the ticket lifetime) if requested by the client, to be friendlier to scripts.
The client library will use a random nonce for TGS requests instead of the current system time.
For the RC4 string-to-key or PAC operations, UTF-16 is supported (previously only UCS-2 was supported).
When matching PKINIT client certificates, UPN SANs will be matched correctly as UPNs, with canonicalization.
User experience:
Dates after the year 2038 are accepted (provided that the platform time facilities support them), through the year 2106.
Automatic credential cache selection based on the client realm will take into account the fallback realm and the service hostname.
Referral and alternate cross-realm TGTs will not be cached, avoiding some scenarios where they can be added to the credential cache multiple times.
A German translation has been added.
Code quality:
The build is warning-clean under clang with the configured warning options.
The automated test suite runs cleanly under AddressSanitizer.
Major changes in 1.15.3 (2018-05-03)
This is a bug fix release.
Fix flaws in LDAP DN checking, including a null dereference KDC crash which could be triggered by kadmin clients with administrative privileges [CVE-2018-5729, CVE-2018-5730].
Fix a KDC PKINIT memory leak.
Fix a small KDC memory leak on transited or authdata errors when processing TGS requests.
Fix a null dereference when the KDC sends a large TGS reply.
Fix "kdestroy -A" with the KCM credential cache type.
Fix the handling of capaths "." values.
Fix handling of repeated subsection specifications in profile files (such as when multiple included files specify relations in the same subsection).
Major changes in 1.15.2 (2017-09-25)
This is a bug fix release.
Fix a KDC denial of service vulnerability caused by unset status strings [CVE-2017-11368]
Preserve GSS contexts on init/accept failure [CVE-2017-11462]
Fix kadm5 setkey operation with LDAP KDB module
Use a ten-second timeout after successful connection for HTTPS KDC requests, as we do for TCP requests
Fix client null dereference when KDC offers encrypted challenge without FAST
Ignore dotfiles when processing profile includedir directive
Improve documentation
Major changes in 1.15.1 (2017-03-01)
This is a bug fix release.
Allow KDB modules to determine how the e_data field of principal fields is freed
Fix udp_preference_limit when the KDC location is configured with SRV records
Fix KDC and kadmind startup on some IPv4-only systems
Fix the processing of PKINIT certificate matching rules which have two components and no explicit relation
Improve documentation
Major changes in 1.15 (2016-12-01)
Administrator experience:
Improve support for multihomed Kerberos servers by adding options for specifying restricted listening addresses for the KDC and kadmind.
Add support to kadmin for remote extraction of current keys without changing them (requires a special kadmin permission that is excluded from the wildcard permission), with the exception of highly protected keys.
Add a lockdown_keys principal attribute to prevent retrieval of the principal's keys (old or new) via the kadmin protocol. In newly created databases, this attribute is set on the krbtgt and kadmin principals.
Restore recursive dump capability for DB2 back end, so sites can more easily recover from database corruption resulting from power failure events.
Add DNS auto-discovery of KDC and kpasswd servers from URI records, in addition to SRV records. URI records can convey TCP and UDP servers and master KDC status in a single DNS lookup, and can also point to HTTPS proxy servers.
Add support for password history to the LDAP back end.
Add support for principal renaming to the LDAP back end.
Use the getrandom system call on supported Linux kernels to avoid blocking problems when getting entropy from the operating system.
In the PKINIT client, use the correct DigestInfo encoding for PKCS #1 signatures, so that some especially strict smart cards will work.
Code quality:
Clean up numerous compilation warnings.
Remove various infrequently built modules, including some preauth modules that were not built by default.
Developer experience:
Add support for building with OpenSSL 1.1.
Use SHA-256 instead of MD5 for (non-cryptographic) hashing of authenticators in the replay cache. This helps sites that must build with FIPS 140 conformant libraries that lack MD5.
Eliminate util/reconf and allow the use of autoreconf alone to regenerate the configure script.
Protocol evolution:
Add support for the AES-SHA2 enctypes, which allows sites to conform to Suite B crypto requirements.
Aspic is a program that processes a textual description of a line
art graphic, and converts it into a form that is suitable for
inclusion in another document. The default output format is
Encapsulated PostScript, but there is also support for Scalable
Vector Graphics (SVG), and there is legacy support for the SGCAL
text processor.
SDoP is a Simple DocBook Processor. It reads DocBook XML input and
writes PostScript output. This version has some support for almost
all the elements that are part of Simplified DocBook. The main
omissions are support for bibliographies, multiple authors, subtables
within tables, and some element attributes.
xfpt is a program that reads a marked-up ASCII source file, and
converts it into XML. It was written with DocBook XML in mind, but
can also be used for other forms of XML. Unlike AsciiDoc, xfpt does
not try to produce XML from a document that is also usable as a
freestanding ASCII document. The input for xfpt is very definitely
"marked up". This makes it less ambiguous for large and/or complicated
documents. xfpt is also much faster than AsciiDoc because it is
written in C and does not rely on pattern matching.
0.48.0:
- Add NullHandler to logger to fix python 2 issue.
- Fix the issue that websocket status message may not present
- Socket error not raised in nested try except in python2
- Load system default certificates if none are given
- Fix waiting forever on ping/pong timeout
- socks5 via pysocks support
- v0.47.0 breaks ability to stop stream with run_forever
- _http.py: fix windows proxy error due to socktype
