Update squid4 to 4.12 (Squid 4.12). This release includes fix for
CVE-2020-14058: <http://www.squid-cache.org/Advisories/SQUID-2020_6.txt>.
Changes to squid-4.12 (05 Jun 2020):
- Regression Fix: Revert to slow search for new SMP shm pages
- Bug 5045: ext_edirectory_userip_acl is missing include files
- Bug 5041: Missing Debug::Extra breaks build on hosts with systemd
- Bug 5030: Negative responses are never cached
- HTTP: validate Content-Length value prefix
- HTTP: add flexible RFC 3986 URI encoder
- SslBump: disable OpenSSL TLSv1.3 support for older TLS traffic
- Tests: Support passing a custom config.cache to test builds
- Fix IPFilter IPv6 detection, especially on NetBSD
- Fix stall if transaction overwrites a recently active cache entry
- ... and some compile fixes
0.8.2: (2020-06-14)
Emulation fixes:
- ARM: Fix timing on Thumb shift instructions
- GB: Fix GBC game registers after skipping BIOS
- GB MBC: Support 4MB MBC30 ROMs (fixes mgba.io/i/1713)
- GB Video: Fix BGPS value after skipping BIOS (fixes mgba.io/i/1717)
- GBA: Add missing RTC overrides for Legendz games
- GBA BIOS: Reset renderer when RegisterRamReset called (fixes mgba.io/i/1756)
- GBA SIO: Fix Multiplayer busy bit
- GBA SIO: Fix double-unloading active driver
- GBA Timers: Fix deserializing count-up timers
- GBA Video: Fix mosaic objects drawing past the end (fixes mgba.io/i/1702)
- GBA Video: Fix disabling OBJWIN in GL renderer (fixes mgba.io/i/1759)
- GBA Video: Add missing parts of 256-color mode 0 mosaic (fixes mgba.io/i/1701)
- GBA Video: Fix double-size OBJ wrapping in GL renderer (fixes mgba.io/i/1712)
- GBA Video: Simplify sprite cycle counting (fixes mgba.io/i/1279)
- GBA Video: Fix sprite/backdrop blending regression
## 1.10.1 - 2020-06-18
- Expose `janet_table_clear` in API.
- Respect `JANET_NO_PROCESSES` define when building
- Fix `jpm` rules having multiple copies of the same dependency.
- Fix `jpm` install in some cases.
- Add `array/trim` and `buffer/trim` to shrink the backing capacity of these types
to their current length.
## 1.10.0 - 2020-06-14
- Hardcode default jpm paths on install so env variables are needed in fewer cases.
- Add `:no-compile` to `create-executable` option for jpm.
- Fix bug with the `trace` function.
- Add `:h`, `:a`, and `:c` flags to `thread/new` for creating new kinds of threads.
By default, threads will now consume much less memory per thread, but sending data between
threads may cost more.
- Fix flychecking when using the `use` macro.
- CTRL-C no longer exits the repl, and instead cancels the current form.
- Various small bug fixes
- New MSI installer instead of NSIS based installer.
- Make `os/realpath` work on windows.
- Add polymorphic `compare` functions for comparing numbers.
- Add `to` and `thru` peg combinators.
- Add `JANET_GIT` environment variable to jpm to use a specific git binary (useful mainly on windows).
- `asm` and `disasm` functions now use keywords instead of macros for keys. Also
some slight changes to the way constants are encoded (remove wrapping `quote` in some cases).
- Expose current macro form inside macros as (dyn :macro-form)
- Add `tracev` macro.
- Fix compiler bug that emitted incorrect code in some cases for while loops that create closures.
- Add `:fresh` option to `(import ...)` to overwrite the module cache.
- `(range x y 0)` will return an empty array instead of hanging forever.
- Rename `jpm repl` to `jpm debug-repl`.
Add test dependencies and enable tests.
Changes:
Support the change of the reference implementation to version 1.1.1
(see sofacoustics/API_MO@fcd8d6a)
Fixing the problem of left / right confusion common in many old SOFA files
Support many more HDF features which are used in recent implementations of netcdf
0.8.2: (2020-06-14)
Emulation fixes:
- ARM: Fix timing on Thumb shift instructions
- GB: Fix GBC game registers after skipping BIOS
- GB MBC: Support 4MB MBC30 ROMs (fixes mgba.io/i/1713)
- GB Video: Fix BGPS value after skipping BIOS (fixes mgba.io/i/1717)
- GBA: Add missing RTC overrides for Legendz games
- GBA BIOS: Reset renderer when RegisterRamReset called (fixes mgba.io/i/1756)
- GBA SIO: Fix Multiplayer busy bit
- GBA SIO: Fix double-unloading active driver
- GBA Timers: Fix deserializing count-up timers
- GBA Video: Fix mosaic objects drawing past the end (fixes mgba.io/i/1702)
- GBA Video: Fix disabling OBJWIN in GL renderer (fixes mgba.io/i/1759)
- GBA Video: Add missing parts of 256-color mode 0 mosaic (fixes mgba.io/i/1701)
- GBA Video: Fix double-size OBJ wrapping in GL renderer (fixes mgba.io/i/1712)
- GBA Video: Simplify sprite cycle counting (fixes mgba.io/i/1279)
- GBA Video: Fix sprite/backdrop blending regression
Other fixes:
- 3DS: Fix framelimiter on newer citro3d (fixes mgba.io/i/1771)
- ARM: Fix disassembling of several S-type instructions (fixes mgba.io/i/1778)
- ARM Debugger: Clear low bit on breakpoint addresses (fixes mgba.io/i/1764)
- CMake: Always use devkitPro toolchain when applicable (fixes mgba.io/i/1755)
- Core: Fix ELF loading regression (fixes mgba.io/i/1669)
- Core: Fix crash modifying hash table entry (fixes mgba.io/i/1673)
- GB Video: Fix some cases where SGB border doesn't draw to multi-buffers
- GBA: Reject incorrectly sized BIOSes
- GBA: Break infinite loop for 0-frame mVLs (fixes mgba.io/i/1723)
- Qt: Fix OpenGL 2.1 support (fixes mgba.io/i/1678)
- Qt: Fix unmapping zipped ROM (fixes mgba.io/i/1777)
Misc:
- 3DS: Clean up legacy initialization (fixes mgba.io/i/1768)
- GBA Serialize: Only flunk BIOS check if official BIOS was expected
- Qt: Disable Replace ROM option when no game loaded
- Qt: Defer texture updates until frame is drawn (fixes mgba.io/i/1590)
- Qt: Set icon for Discord Rich Presence
- Qt: Show a warning when save file can't be opened
1.7.1:
Fix problem with loading jquery.js after jquery.min.js had been loaded.
Fix usability: Upload files into most recently used folder, instead of root folder.
Changes:
0.8.4
=====
Security
--------
* config.def.h: add an option allowwindowops, by default off (secure).
Similar to the xterm AllowWindowOps option.
The sequence for base64-encoded clipboard copy is now guarded and off by
default because it allows a sequence written to the terminal to manipulate the
clipboard of the (other) running user non-interactively.
Features
--------
* Integrate auto-sync: draw on idle to avoid flicker/tearing by avih.
st could easily tear/flicker with animation or other unattended
output. This commit eliminates most of the tear/flicker.
* Optimize column width calculation and UTF-8 encode for the common-case ASCII.
In particular on glibc and OpenBSD the wcwidth() call is more expensive.
On musl there is no/little difference.
* Add support for REP (repeat) escape sequence and xterm compatibility, by
avih. The capability is not exposed yet due to some issues with
applications.
* Call xsetcursor to set win.cursor in main, by Steve Ward.
Allowing to set the st snowman cursor extension dynamically.
Fixes and other changes
-----------------------
* Fix unicode glitch in DCS strings, by Tim Allen.
The related sixel stub code is now removed also.
* Fix for incorrect (partial) written sequences when libc wcwidth() == -1
and using st -o.
* Mouse selection fixes, by Jakub
* Make shift+wheel behaves as shift+Prev/Next, patch by k0ga
This patch adds a new hack, making shift+wheel returning the
same sequences than shift+Prev/Next, meaning that scroll or
any other similar program will not be able to differentiate
between them.
* Expose rin terminfo capability.
Tianlin Qu discovered that st is missing rin (scroll back #1 lines).
* Replace exit(3) by _exit(2) in signal handler sigchld(), by Jan.
This change prevents st to crash and dump core in some situations.
* FAQ: add details and a patch example for single-buffering (for the w3mimg
hack).
## 2.12.2
### Fixes
* Fixed compilation failure if `is_range` ADL found deleted function (#1929)
* Fixed potential UB in `CAPTURE` if the expression contained non-ASCII characters (#1925)
### Improvements
* `std::result_of` is not used if `std::invoke_result` is available (#1934)
* JUnit reporter writes out `status` attribute for tests (#1899)
* Suppresed clang-tidy's `hicpp-vararg` warning (#1921)
* Catch2 was already suppressing the `cppcoreguidelines-pro-type-vararg` alias of the warning
pkgsrc changes:
- Update MASTER_SITES and HOMEPAGE to current ones
Changes:
Version 1.4.10:
- Improved handling of temporary files on Windows systems.
- Re-enabled support for systems lacking vasprintf(), such as IBM i PASE.
Version 1.4.9:
- No significant changes.
Version 1.4.8:
- Added a new socket command and --socket option to connect via local sockets.
- Added a new tls_host_override command and --tls-host-override option to
override the host name used for TLS verification.
- Fixed the source_ip command for proxies.
Version 1.4.7:
- Minor bug fixes.
Version 1.4.6:
- Minor bug fixes.
Version 1.4.5:
- Fixed OAUTHBEARER.
- Support for TLS client certificates via PKCS11 devices, e.g. smart cards.
- Various small bug fixes and improvements.
Version 1.4.4:
- Added support for the OAUTHBEARER authentication method.
- Several minor bug fixes.
Version 1.4.3:
- This version fixes a security problem that affects version 1.4.2 (older
versions are not affected): when the new default value system for
tls_trust_file is used, the result of certificate verification was not
properly checked.
Version 1.4.2:
- To simplify TLS setup, the tls_trust_file command has a new default value
'system' that selects the system default trust. Now you just need tls=on to
use TLS; the other TLS options are only required in special cases.
To make this work without breaking compatibility with older mpop versions,
tls_fingerprint now overrides tls_trust_file, and tls_certcheck=off overrides
both (previously, you could not specify contradicting options).
- To simplify setup, a new option '--configure <mailaddress>' was added that
automatically generates a configuration file for a given mail address.
However, this only works if the mail domain publishes appropriate SRV records.
Version 1.4.1:
- Fixed our TLS code to support TLS 1.3 with GnuTLS.
Version 1.4.0:
- Using OpenSSL is discouraged and may not be supported in the future. Please
use GnuTLS instead. The reasons are explained here:
https://marlam.de/mpop/news/openssl-discouraged/
- As using GNU SASL is most likely unnecessary, it is disabled by default now.
Since everything uses TLS nowadays and thus can use PLAIN authentication, you
really only need it for GSSAPI.
- If your system requires a library for IDN support, libidn2 is now used instead
of the older libidn.
- The APOP and CRAM-MD5 authentication method are marked as obsolete / insecure
and will not be chosen automatically anymore.
- The passwordeval command does not require the password to be terminated by a
new line character anymore.
- Builtin default port numbers are now used instead of consulting /etc/services.
- Support for DJGPP and for systems lacking vasprintf(), mkstemp(), or tmpfile()
is removed.
Version 1.2.8:
- Fix support for ~/.config/mpop/config as configuration file
- Add --source-ip option and source_ip command to bind the outgoing connection
to a specific source IP address.
- Enable SNI for TLS
Version 1.2.7:
- Add support for ~/.config/mpop/config as configuration file
- Add network timeout handling on Windows
- Fix command line handling of SHA256 TLS fingerprints
- Update german translation
Discussed and ok with <reed>, thanks!
4.014 Thurs June 11, 2020
* Fix build issue on non-win32 platforms.
* Update zstd to 1.4.5
4.012 Tues February 4, 2020
* Fix memory leak in looks_like_sereal(), thanks to Kirill Sysoev
4.011 Tues February 4, 2020
* Fix and test custom opcode logic for 5.31.2 and later.
4.010 Tues February 4, 2020
* Encoder/Decoder: Update miniz
* Encoder/Decoder: Update zstd
* Sereal/Encoder/Decoder: perltidy perl code to a standard style
4.014 Thurs June 11, 2020
* Fix build issue on non-win32 platforms.
* Update zstd to 1.4.5
4.012 Weds June 10, 2020
* Fix memory leak in looks_like_sereal(), thanks to Kirill Sysoev
4.011 Tues February 4, 2020
* Fix and test custom opcode logic for 5.31.2 and later.
4.010 Tues February 4, 2020
* Update miniz
* Update zstd
* perltidy perl code to a standard style
4.014 Thurs June 11, 2020
* Fix build issue on non-win32 platforms.
* Update zstd to 1.4.5
4.012 Weds June 10, 2020
* Fix memory leak in looks_like_sereal(), thanks to Kirill Sysoev
4.011 Tues February 4, 2020
* Fix and test custom opcode logic for 5.31.2 and later.
4.010 Tues February 4, 2020
* Update miniz
* Update zstd
* perltidy perl code to a standard style
