0.28.13 (2023-11-20):
* Bugfix: %GITHUB%/issues/1534 Layout::dup does not copy properties
* Bugfix: %GITHUB%/issues/1533 KLayout crashing with two consecutive calls of the same LayoutView::show_layout command
* Bugfix: %GITHUB%/issues/1532 DRC checks give incorrect results in deep mode with magnified instances
* Enhancement: %GITHUB%/issues/1527 Marker Database Browser: add context menu to Info widget
* Bugfix: %GITHUB%/issues/1522 Changing ruler/annotation from script weirdly interferes with pya.Application.commit_config
* Enhancement: %GITHUB%/issues/1514 Package manager: Support for Git-hosted packages
* Bugfix: %GITHUB%/issues/1512 "get_image" of LayoutView should also work on inactive views
* Bugfix: %GITHUB%/issues/1511 Typo
* Enhancement: %GITHUB%/issues/1510 Cross hair cursor
* Bugfix: %GITHUB%/issues/1503 Import LEF/DEF - LEF files given in list are ignored for DEF import
* Bugfix: %GITHUB%/issues/1499 strm2oas: support LAYER <layername> TYPE OVERLAP ; for L-shaped abstracts
* Bugfix: %GITHUB%/issues/1486 Invalid error "Some macros are configured to run automatically" when changing reader options
* Bugfix: %GITHUB%/issues/1485 Incorrectly set output cell name if using DRC::cell
* Bugfix: %GITHUB%/issues/1482 Strict mode oasis should write the S_CELL_OFFSET into the CELLNAME table
* Bugfix: %GITHUB%/issues/885 Must-connect checks in LVS
* Bugfix: -without-qt builds did not include DRC or LVS
* Enhancement: Added Layout#error_layer
* Enhancement: Option -k for copying log to a file
* Enhancement: Editor option to control snapping to grid while moving
This controls whether objects are snapped to grid (on) or moved in grid
increments (off)
- Remove broken special handling of test -t
- consistently escape control characters when displaying file name
completions, even when there are multiple matches
- added kefir compiler support
+ Don't allow mounting of already mounted sandboxes, or unmounting of
unmounted sandboxes.
+ Also, add an extra "ismounted" case label to be able to tell if a
sandbox is mounted. A df(1) invocation should continue to work just
as well :)
No objections on tech-pkg@
Addresses the first part of PR pkg/51992 from Paul Goyette
shared-mime-info 2.4 (2023-11-12)
* Restore mimetype name for *.bz2 and *.tar.bz2
* Improve detection of application/mac-binhex40
* Add application/x-msdownload and subtypes
* Add Windows app store types
* Give Windows Installer packages the package icon
* Lower priority for text/x-mpsub's magic, so it doesn't match pcb-drillFile.drl
* Add application/x-powershell
* Add application/wasm
* Change comment of text/x-mpsub
* Change comment of text/x-mpl2
* Add text/x-component
* Give higher priority to the more specific image/apng magic
* Recognize *.jfif as image/jpeg
* Add application/its+xml
* Add text/x-vb
* Add text/x-basic
* Add new group "chemical" in update-mime-database
* Add mimetype for Protein Data Bank (pdb) files
* Remove too generic magic from application/x-pak
* Add application/json5
* Add text/vbscript.encode
* Add text/jscript.encode
* Add text/jscript as synonym of text/javascript
* Fix backwards relationship between text/javascript and application/ecmascript
* Add application/vnd.cups-ppd
* Add application/x-ms-shortcut
* Give application/x-mswinurl the link icon
Build:
* Fix missing sentinel warning with clang
* Fix false positive fdatasync detection on darwin
* Fix string literal concatenation
shared-mime-info 2.3 (2023-10-07)
* Make update-mime-database compatible with MSVC (by porting it to C++)
* Remove "##" magic for matlab files
* Add application/x-ms-pdb
* Identify .pdb files without a signature match as application/vnd.palm
* text/vnd.familysearch.gedcom: use IANA registered type
* application/vnd.dbf: use IANA registered type
* application/vnd.dart: use IANA registered type
* application/yaml: use IANA registered type
* Update application/sieve.
* Updated to latest xdgmime
* Add subclass information for .ppt and .xls
* Add application/x-bzip3
* Add application/x-bzip for bzip2's deprecated predecessor bzip
* Rename application/x-bzip to application/x-bzip2
* add tiled map editor map and tileset files
* Add image/apng
* Lengthen image/png magic
* Add JPEG XR mime type
* Add Gerber and Excellon drill files
* Bump magic priority for application/ovf
* Fix description for audio/x-xi
* Add Portable Font Resource application/font-tdpfr.
* Add mimetype application/x-lmdb
* Add definition and test file for StuffIt X archives.
* spec: Clarify that namespaceURI can be empty
* Add application/vnd.ms-officetheme
* Add mime type for Typst files
* Add text/x-nim and text/x-nimscript
* Don't install man page on Windows
* Improve matching for message/rfc822
* Add mimetype for Blueprint source code
* buildsystem - add options for building tests and translations
* Give application/x-raw-floppy-disk-image the floppy media icon
* Give generic optical disk images the optical media icon
* Make application/vnd.squashfs a subclass of application/vnd.efi.img
* Prefer application/vnd.efi.img over application/x-raw-disk-image
* Prefer application/vnd.efi.iso over application/x-cd-image
* Avoid meson errors when 'build-tools' is set to false
* Add DOS/Windows batch file type
* Add application/vnd.microsoft.windows.thumbnail-cache
* Add application/x-fishscript and application/x-nuscript
* Add perf data file type
* use Sentence case for mime type descriptions
* Revert "use Title Case for mime type description"
* Add todo.txt mime type
* Prefer video/vnd.avi over video/x-msvideo
* Prefer audio/vnd.wave over audio/x-wav
* Add mimetype for ERIS link files
* Add mimetype for CBOR
* Add support for newer AAXC Audible Audiobook format
* ci: Use ci-templates to build image
* Add Modrinth modpack
* Add application/x-zpaq
* CI: Use dnf5 instead of dnf
* use Title Case for mime type description
* Add mimetype for Quite OK Image Format (QOI)
* ci: Use detached pipelines
* Add OpenVPN profile
* Prefer application/java-archive to application/x-java-archive
* icons for 3d model formats
* Make application/pgp-* not inherit from text/plain
* Add text/julia for Julia source code
* application/javascript: Rename to text/javascript
* Change descriptions to say LibreOffice rather than OpenOffice
* Add TAK audio mime type
* video/vnd.youtube.yt: add magic
* video/vnd.youtube.yt: use IANA registered type
* text/markdown: add x-office-document generic-icon
* Add two new languages
* audio/x-wav: Add missing sub-class relationship with application/x-riff
* Add mimetype for Flattened Devicetree (binary)
* Add mimetype for Devicetree source code
This document describes differences between the 5.38.0 release and the 5.38.2
release. B<Please note:> This document ignores Perl 5.38.1, a broken release
which existed for a couple of days only.
Security
This release fixes the following security issues.
CVE-2023-47038 - Write past buffer end via illegal user-defined Unicode property
This vulnerability was reported directly to the Perl security team by
Nathan Mills C<the.true.nathan.mills@gmail.com>.
A crafted regular expression when compiled by perl 5.30.0 through
5.38.0 can cause a one-byte attacker controlled buffer overflow in a
heap allocated buffer.
CVE-2023-47039 - Perl for Windows binary hijacking vulnerability
This vulnerability was reported to the Intel Product Security Incident
Response Team (PSIRT) by GitHub user ycdxsb
L<https://github.com/ycdxsb/WindowsPrivilegeEscalation>. PSIRT then
reported it to the Perl security team.
Perl for Windows relies on the system path environment variable to
find the shell (C<cmd.exe>). When running an executable which uses
Windows Perl interpreter, Perl attempts to find and execute C<cmd.exe>
within the operating system. However, due to path search order issues,
Perl initially looks for cmd.exe in the current working directory.
An attacker with limited privileges can exploit this behavior by
placing C<cmd.exe> in locations with weak permissions, such as
C<C:\ProgramData>. By doing so, when an administrator attempts to use
this executable from these compromised locations, arbitrary code can
be executed.
This minor release includes 3 security fixes following the security policy:
- net/http: limit chunked data overhead
A malicious HTTP sender can use chunk extensions to cause a receiver reading
from a request or response body to read many more bytes from the network than
are in the body.
A malicious HTTP client can further exploit this to cause a server to
automatically read a large amount of data (up to about 1GiB) when a handler
fails to read the entire body of a request.
Chunk extensions are a little-used HTTP feature which permit including
additional metadata in a request or response body sent using the chunked
encoding. The net/http chunked encoding reader discards this metadata. A
sender can exploit this by inserting a large metadata segment with each byte
transferred. The chunk reader now produces an error if the ratio of real body
to encoded bytes grows too small.
Thanks to Bartek Nowotarski for reporting this issue.
This is CVE-2023-39326 and Go issue https://go.dev/issue/64433.
- cmd/go: go get may unexpectedly fallback to insecure git
Using go get to fetch a module with the ".git" suffix may unexpectedly
fallback to the insecure "git://" protocol if the module is unavailable via
the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not
set for said module. This only affects users who are not using the module
proxy and are fetching modules directly (i.e. GOPROXY=off).
Thanks to David Leadbeater for reporting this issue.
This is CVE-2023-45285 and Go issue https://go.dev/issue/63845.
- path/filepath: retain trailing \ when cleaning paths like \\?\c:\
Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume
name in Windows paths starting with \\?\, resulting in
filepath.Clean(\\?\c:\) returning \\?\c: rather than \\?\c:\ (among other
effects). The previous behavior has been restored.
This is an update to CVE-2023-45283 and Go issue https://go.dev/issue/64028.
This minor release includes 3 security fixes following the security policy:
- net/http: limit chunked data overhead
A malicious HTTP sender can use chunk extensions to cause a receiver reading
from a request or response body to read many more bytes from the network than
are in the body.
A malicious HTTP client can further exploit this to cause a server to
automatically read a large amount of data (up to about 1GiB) when a handler
fails to read the entire body of a request.
Chunk extensions are a little-used HTTP feature which permit including
additional metadata in a request or response body sent using the chunked
encoding. The net/http chunked encoding reader discards this metadata. A
sender can exploit this by inserting a large metadata segment with each byte
transferred. The chunk reader now produces an error if the ratio of real body
to encoded bytes grows too small.
Thanks to Bartek Nowotarski for reporting this issue.
This is CVE-2023-39326 and Go issue https://go.dev/issue/64433.
- cmd/go: go get may unexpectedly fallback to insecure git
Using go get to fetch a module with the ".git" suffix may unexpectedly
fallback to the insecure "git://" protocol if the module is unavailable via
the secure "https://" and "git+ssh://" protocols, even if GOINSECURE is not
set for said module. This only affects users who are not using the module
proxy and are fetching modules directly (i.e. GOPROXY=off).
Thanks to David Leadbeater for reporting this issue.
This is CVE-2023-45285 and Go issue https://go.dev/issue/63845.
- path/filepath: retain trailing \ when cleaning paths like \\?\c:\
Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume
name in Windows paths starting with \\?\, resulting in
filepath.Clean(\\?\c:\) returning \\?\c: rather than \\?\c:\ (among other
effects). The previous behavior has been restored.
This is an update to CVE-2023-45283 and Go issue https://go.dev/issue/64028.
3.1.7 (2023-10-13)
Rewrite vars-auto-detect, adhere to EasyRSA-Advanced.md
Under the hood, this is a considerable change but there are no user
noticable differences. With the exception of:
Caveat: The default '$PWD/pki/vars' file is forbidden to change either
EASYRSA or EASYRSA_PKI, which are both implied by default.
EasyRSA-Advanced.md: Correct vars-auto-detect hierarchy
Commit: ecd6506
EASYRSA/vars is moved to a higher priority than a default PKI.
vars-auto-detect no longer searches 'easyrsa' program directory.
gen-crl: preserve existing crl.pem ownership+mode
New command: make-vars - Print vars.example (here-doc) to stdout
show-expire: Calculate cert. expire seconds from DB date
Update OpenSSL to 3.1.2
Version 81.0 "Milliontown" 2023-12-02
New features and enhancements
* mkvmerge: MPEG transport stream reader: HEVC/H.265: added support for
reading single-layer Dolby Vision from Annex B type bitstream read from MPEG
transport streams.
* mkvmerge: MPEG transport stream reader, HEVC/H.265 elementary stream reader:
added support for reading dual-layer Dolby Vision with both the base &
enhancement layers in the same track from Annex B type bitstreams in MPEG
transport files & elementary stream files.
* mkvmerge: MPEG transport stream reader: HEVC/H.265: implemented combining
dual-layer Dolby Vision with base & enhancement layers in different
tracks.
* MKVToolNix GUI: multiplexer: added a new option in the preferences for
always enabling 'forced' subtitle tracks. A subtitle track is considered to
be 'forced' if: the corresponding property is set in the source file; the
track's name contains the word 'forced' (in English); deriving the 'forced
display' flag from file names is active & the file name matches the
corresponding pattern. The option is disabled by default.
* MKVToolNix GUI: multiplexer: the functionality for detecting file name
sequences when adding files can now recognize the patterns used by GoPro's
cameras for chaptered video files.
* xyzvc_dump: the end position of the current NALU will be output in
non-portable format as well.
* xyzvc_dump: HEVC: the tool will now also output the inner NALU type of Dolby
Vision NALUs (`unspec62` and `unspec63`).
Bug fixes
* mkvmerge: when the user requests processing be stopped after the video ends
`mkvmerge` will now take appending files into account properly. It won't
stop processing unconditionally after the first file ends anymore.
* mkvmerge: AV1 handling in readers: the readers will now provide the pixel
dimensions to the AV1 packetizer as early as possible, just like for other
video packetizers. That way the pixel dimensions are available for
calculating the display dimensions when command-line options such as
`--aspect-ratio` & `--aspect-ratio-factor` are used. Before the change the
calculation was done based on initial pixel dimension values of 0x0,
resulting in display dimensions of 0x0, too.
* mkvmerge: HEVC/H.265 packetizer: when reading & appending HEVC/H.265 from
Matroska, MP4/MOV or FLV files the first frame of all the appended files was
sometimes dropped, resulting in broken video at the point where video is
appended.
* mkvmerge: MPEG transport stream reader: when reading MPEG transport streams
from Blu-rays the four-byte long `TP_extra_header` structure in front of the
transport packets are now skipped properly. Before the fix a stray byte with
value of `0x47` inside that `TP_extra_header` structure could have thrown
off the detection of where the transport packets start, leading to mkvmerge
dropping a few audio and/or video frames at the start of the file.
* mkvextract: AAC extractor: when an invalid program config element in the
GA-specific config element is encountered, the program config element will
be disregarded, which avoids mkvextract aborting with an exception.
* xyzvc_dump: fixed the tool aborting with an exception when the last NALU in
an Annex B type file was shorter than four bytes.
Other changes
* AVC & HEVC dumper development tool: the tool has been renamed from
`xvc_dump` to `xyzvc_dump` as `xvc` is an abbreviation for an existing video
codec (Extreme Video Coding), and the tool has nothing to do with that
codec.
v2.16.1
=======
Breaking Changes / Porting Guide
--------------------------------
- assert - Nested templating may result in an inability for the conditional to be evaluated. See the porting guide for more information.
Security Fixes
--------------
- templating - Address issues where internal templating can cause unsafe variables to lose their unsafe designation (CVE-2023-5764)
Bugfixes
--------
- Fix issue where an ``include_tasks`` handler in a role was not able to locate a file in ``tasks/`` when ``tasks_from`` was used as a role entry point and ``main.yml`` was not present (https://github.com/ansible/ansible/issues/82241)
- Plugin loader does not dedupe nor cache filter/test plugins by file basename, but full path name.
- Restoring the ability of filters/tests can have same file base name but different tests/filters defined inside.
- ansible-pull now will expand relative paths for the ``-d|--directory`` option is now expanded before use.
- ansible-pull will now correctly handle become and connection password file options for ansible-playbook.
- flush_handlers - properly handle a handler failure in a nested block when ``force_handlers`` is set (http://github.com/ansible/ansible/issues/81532)
- module no_log will no longer affect top level booleans, for example ``no_log_module_parameter='a'`` will no longer hide ``changed=False`` as a 'no log value' (matches 'a').
- role params now have higher precedence than host facts again, matching documentation, this had unintentionally changed in 2.15.
- wait_for should not handle 'non mmapable files' again.
0.23.2 (2023-12-04)
===================
- Fixes a bug that caused an internal pytest error when collecting .txt files
0.23.1 (2023-12-03)
===================
- Fixes a bug that caused an internal pytest error when using module-level skips
0.23.0 (2023-12-03)
===================
This release is backwards-compatible with v0.21.
Changes are non-breaking, unless you upgrade from v0.22.
- BREAKING: The *asyncio_event_loop* mark has been removed. Event loops with class, module, package, and session scopes can be requested via the *scope* keyword argument to the _asyncio_ mark.
- Introduces the *event_loop_policy* fixture which allows testing with non-default or multiple event loops
- Introduces ``pytest_asyncio.is_async_test`` which returns whether a test item is managed by pytest-asyncio
- Removes and *pytest-trio,* *mypy,* and *flaky* from the test dependencies
0.22.0 (2023-10-31)
===================
This release has been yanked from PyPI due to fundamental issues with the _asyncio_event_loop_ mark.
- Class-scoped and module-scoped event loops can be requested
via the _asyncio_event_loop_ mark.
- Deprecate redefinition of the `event_loop` fixture.
Users requiring a class-scoped or module-scoped asyncio event loop for their tests
should mark the corresponding class or module with `asyncio_event_loop`.
- Test items based on asynchronous generators always exit with *xfail* status and emit a warning during the collection phase. This behavior is consistent with synchronous yield tests.
- Remove support for Python 3.7
- Declare support for Python 3.12
This little number can be used to introduce smtp banner delays for
qmail. When run between tcpserver and rblsmtpd, it'll do a reverse
lookup of the connecting IP, compare that PTR to a regex, and then apply
long banner delays if there was no PTR or if the PTR matches the
"dialup" regex. The program depends on the fact that tcpserver will set
TCPREMOTEIP, and will take advantage of TCPREMOTEHOST if it's set. If
the client tries to pipeline (ram SMTP commands down our throat before
we show them an SMTP banner), RBLSMTPD is set, notifying rblsmtpd to
refuse their mail.
Twitch chat in the terminal. Feature list:
- Read/send/search messages
- Switch channels
- Create and toggle filters
- Command, channel, and mention suggestions
- Customize functionality and looks to your liking using a config file
* Adopt the suggested patch from
https://issues.opendnssec.org/browse/SUPPORT-278
for what looks like a concurrency error in interfacing
to the HSM module.
* Give correct upper-case/lower-case hint if command
is not configured in the error message.
* Be a bit more verbose about which zone isn't found if
indeed it isn't found.
Bump PKGREVISION.
v1.30.0 - 2023-12-03
- :trash internal - I'd like feedback on this one - Fix#799
- solve symlinks on :panel_right to display the dest path and the dest
filesystem - Fix#804
- :panel_right on a directory now removes the filter
- more '~' expansion in verb arguments