Release 2.4.5 Fri February 18 2022
Security fixes:
#562 CVE-2022-25235 -- Passing malformed 2- and 3-byte UTF-8
sequences (e.g. from start tag names) to the XML
processing application on top of Expat can cause
arbitrary damage (e.g. code execution) depending
on how invalid UTF-8 is handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
#561 CVE-2022-25236 -- Passing (one or more) namespace separator
characters in "xmlns[:prefix]" attribute values
made Expat send malformed tag names to the XML
processor on top of Expat which can cause
arbitrary damage (e.g. code execution) depending
on how such unexpectable cases are handled inside the XML
processor; validation was not their job but Expat's.
Exploits with code execution are known to exist.
#558 CVE-2022-25313 -- Fix stack exhaustion in doctype parsing
that could be triggered by e.g. a 2 megabytes
file with a large number of opening braces.
Expected impact is denial of service or potentially
arbitrary code execution.
#560 CVE-2022-25314 -- Fix integer overflow in function copyString;
only affects the encoding name parameter at parser creation
time which is often hardcoded (rather than user input),
takes a value in the gigabytes to trigger, and a 64-bit
machine. Expected impact is denial of service.
#559 CVE-2022-25315 -- Fix integer overflow in function storeRawNames;
needs input in the gigabytes and a 64-bit machine.
Expected impact is denial of service or potentially
arbitrary code execution.
Other changes:
#557 #564 Version info bumped from 9:4:8 to 9:5:8;
see https://verbump.de/ for what these numbers do
This is an alpha for 2.52.0 and contains significant changes.
While just upgrading and using it should work, it has not received
enough testing to be called beta. In particular the new formats have
not been tested with big endian processors.
## Changes in 2.52.0
* Feature negotiation, compatible with 2.51.
* New archive format (independent of ocaml version, based on umarshal)
Upgrade is automatic.
* New wire protocol (independent of ocaml version, based on umarshal)
New protocol is used if both sides are >= 2.52.0.
* Support for unix-domain sockets
* Many bugfixes and minor improvements
* ocaml compatibility is now >= 4.01
* NEWS is now in NEWS.md and not in the manual
MariaDB 10.5.15 Release Notes
Notable Items
InnoDB
* Set innodb_change_buffering=none by default (MDEV-27734)
Security
* Fixes for the following security vulnerabilities:
* CVE-2021-46665
* CVE-2021-46664
* CVE-2021-46661
* CVE-2021-46668
* CVE-2021-46663
MariaDB 10.5.14 Release Notes
Notable Items
InnoDB
* --skip-symbolic-links does not disallow .isl file creation
(MDEV-26870)
* Indexed CHAR columns are broken with NO_PAD collations (MDEV-25440)
* insert-intention lock conflicts with waiting ORDINARY lock
(MDEV-27025)
* Crash recovery improvements (MDEV-26784, MDEV-27022, MDEV-27183,
MDEV-27610)
Galera
* Galera updated to 26.4.11
* Galera SST scripts should use ssl_capath (not ssl_ca) for CA directory
(MDEV-27181)
* Alter Sequence does not replicate to other nodes within Galera
Cluster (MDEV-19353)
* Galera crash - Assertion. Possible parallel writeset problem
(MDEV-26803)
* CREATE TABLE with FOREIGN KEY constraint fails to apply in parallel
(MDEV-27276)
* Galera cluster node considers old server_id value even after
modification of server_id [wsrep_gtid_mode=ON] (MDEV-26223)
Replication
* Seconds behind master corrected from artificial spikes at relay-log
rotation (MDEV-16091)
* Statement rollback in binlog when transaction creates or drops
temporary table is set right (MDEV-26833)
* CREATE-or-REPLACE SEQUENCE is made to binlog with the DDL flag to
stabilize its parallel execution on slave (MDEV-27365)
Security
* Fixes for the following security vulnerabilities:
* CVE-2022-24052
* CVE-2022-24051
* CVE-2022-24050
* CVE-2022-24048
* CVE-2021-46659
MariaDB 10.6.7 Release Notes
InnoDB
* Set innodb_change_buffering=none by default (MDEV-27734)
Security
* Fixes for the following security vulnerabilities:
* CVE-2021-46665
* CVE-2021-46664
* CVE-2021-46661
* CVE-2021-46668
* CVE-2021-46663
MariaDB 10.6.6 Release Notes
Notable Items
InnoDB
* --skip-symbolic-links does not disallow .isl file creation
(MDEV-26870)
* Indexed CHAR columns are broken with NO_PAD collations (MDEV-25440)
* insert-intention lock conflicts with waiting ORDINARY lock
(MDEV-27025)
* Crash recovery improvements (MDEV-26784, MDEV-27022, MDEV-27183,
MDEV-27610)
* mariabackup skips valid .ibd file (MDEV-26326)
* Allow seamless upgrade despite ROW_FORMAT=COMPRESSED (MDEV-27736)
Galera
* Galera updated to 26.4.11
* Galera SST scripts should use ssl_capath (not ssl_ca) for CA directory
(MDEV-27181)
* Alter Sequence does not replicate to other nodes within Galera
Cluster (MDEV-19353)
* Galera crash - Assertion. Possible parallel writeset problem
(MDEV-26803)
* CREATE TABLE with FOREIGN KEY constraint fails to apply in parallel
(MDEV-27276)
* Galera cluster node considers old server_id value even after
modification of server_id [wsrep_gtid_mode=ON] (MDEV-26223)
Replication
* Seconds behind master corrected from artificial spikes at relay-log
rotation (MDEV-16091)
* Statement rollback in binlog when transaction creates or drops
temporary table is set right (MDEV-26833)
* CREATE-or-REPLACE SEQUENCE is made to binlog with the DDL flag to
stabilize its parallel execution on slave (MDEV-27365)
Security
* Fixes for the following security vulnerabilities:
* CVE-2022-24052
* CVE-2022-24051
* CVE-2022-24050
* CVE-2022-24048
* CVE-2021-46659
1.43.0-0
* Change the call to acquire_vm_cb() in luv.new_thread() to be made
before the thread is created in luv_new_thread().
* simplify vm management in thread and threadpool
Changes in version 5.4:
* Fixed handling of PDF files with already existing outlines
in pdfoutline.
* Added a script for extracting outlines from PDF files
(pdf-extract-outline).
* Pango is always used to draw glyphs, options -p and --use-pango are
accepted but ignored.
* Fixed possible outline corruption in pdfoutline with some versions
of PDF::API2 library (Yifeng Li).
* Various code and build system cleanups.
- Enable git hooks with `MOB_GIT_HOOKS_ENABLED=true`. By default, this
option is false and no git hooks such as `pre-commit` or `pre-push`
are triggered via mob itself.
ufdbGuard is a URL filter to block unwanted web content on the internet.
ufdbGuard can also enforce Google SafeSearch, detect UltraSurf, Tor, Skype
and other chat applications, proxy tunnels and enforce safer HTTPS traffic.
ufdbGuard is a redirector for the Squid web proxy with 50,000 URL
verifications/second. ufdbGuard integrates with user authorities like LDAP,
Kerberos and Active Directory to assign different policies to different
groups of users.
Version 10.1.2 (2022-02-17)
---------------------------
.Bug fixes
- DESTDIR passed to pip as part of make install
- Add number of missing files to release tarballs
- Fix parsing asciidoc_opt values with spaces for a2x
.Miscellaneous
- Cleanup unused parts of Makefile
- Website files removed from main asciidoc-py repo
Version 10.1.1 (2021-12-20)
---------------------------
.Bug fixes
- Fix RuntimeWarning when executing asciidoc or a2x within repository
- Fix index out of range error in a2x (thanks @osmith42)
Version 10.1.0 (2021-12-17)
---------------------------
.Features
- Add top-level `__version__` and `VERSION` module exports (thanks @tbpassin)
.Bug fixes
- Fix self reference errors in AsciiDocApi (thanks @tbpassin)
- Add back asciidoc execute print in a2x verbose
Version 10.0.2 (2021-11-12)
---------------------------
.Bug fixes
- Fix errors not displaying when called via a2x (thanks @osmith42)
- Fix incorrect parsing of asciidoc_opts in a2x (thanks @lmarz)
.Miscellaneous
- Fix automating homebrew release updates
Version 10.0.1 (2021-10-28)
---------------------------
.Bug fixes
- Fix running make docs
- Fix warning in music filter when using GraphicsMagick
- Fix handling escaped attributes inside of macros
- Include *.xsl and *.sty files in pip installations
Version 10.0.0 (2021-10-16)
---------------------------
.Breaking Changes
AsciiDoc.py has been rewritten to be a https://pypi.org/project/asciidoc/[proper Python package], installable via pip. Downloading and running asciidoc from the repo is not recommended, but can be done through `python3 -m asciidoc` or `python3 -m asciidoc.a2x`. CLI usage should remain the same where both `asciidoc` and `a2x` CLI commands are available after pip installation. Support for overriding the bundled *.conf files is done through CLI flags, environment variables, etc., and not through directly editing the files within the installation. Importing asciidoc should no longer require the `asciidocapi.py` script, and can be done through regular python import, e.g. `import asciidoc; asciidoc.execute(...)`.
The APIs of the asciidoc and a2x scripts are now considered "provisional" with no guarantee of BC between releases with the exception of the `asciidoc.execute` method. Please post an issue on our tracker for any method you directly rely on and would like to have BC for.
.Features
- Install using `pip install asciidoc`
.Miscellaneous
- Changed website domain to https://asciidoc-py.github.io/. The old domain will redirect for a period of time, but will be updated at some point to point at website created by the https://asciidoc-wg.eclipse.org/[AsciiDoc Working Group].
.Testing
- Test against 3.10 stable
Release v1.44.0
Core
xDS: Rbac filter updates
Fix xDS client for multiple watchers.
bump C-core version for upcoming release.
Add a trace to list which filters are contained in a channel stack.
Remove grpc_httpcli_context.
xDS: Add support for RBAC HTTP filter.
API to cancel grpc_resolve_address.
Replace work serializer with a mutex in c-ares resolver.
xDS: Add graceful shutdown for old connections on listener resource update.
C++
Promote ClientContext::set_wait_for_ready to be non-experimental.
Python
Add python async example for hellostreamingworld using generator.
Disable __wrap_memcpy hack for Python builds.
Bump Bazel Python Cython dependency to 0.29.26.
Fix libatomic linking on Raspberry Pi OS Bullseye.
Allow generated proto sources in remote repositories for py_proto_library.
The current ALTERNATIVES/post-install was not enough to make this package
avoid a self-conflict (due to the man pages). Since this is an application
that no other packages depend upon, there is no need to have it
installed for multiple python versions at the same time, so simplify
this.
Bump PKGREVISION.