3.3.0:
Features
Added new fixtures django_mail_dnsname and django_mail_patch_dns, used by mailoutbox to monkeypatch the DNS_NAME used in django.core.mail to improve performance and reproducibility.
Bug fixes
Fixed test for classmethod with Django TestCases
Fixed RemovedInPytest4Warning: MarkInfo objects are deprecated
Fixed scope of overridden settings with live_server fixture: previously they were visible to following tests
version 4.0.1:
- avcodec/aacdec_fixed: Fix undefined integer overflow in apply_independent_coupling_fixed()
- avcodec/dirac_dwt_template: Fix undefined behavior in interleave()
- avutil/common: Fix undefined behavior in av_clip_uintp2_c()
- fftools/ffmpeg: Fallback to duration if sample rate is unavailable
- avformat/mov: Only set pkt->duration to non negative values
- avcodec/mpeg4videodec: Clear bits_per_raw_sample if it has originated from a previous instance
- avformat/movenc: fix recognization of cover image streams
- avformat/movenc: properly handle cover image codecs
- avcodec/h264_slice: Fix overflow in recovery_frame computation
- avcodec/h264_ps: Move MAX_LOG2_MAX_FRAME_NUM to header so it can be used in h264_sei
- avcodec/h264_mc_template: Only prefetch motion if the list is used.
- avcodec/xwddec: Use ff_set_dimensions()
- avcodec/wavpack: Fix overflow in adding tail
- avcodec/shorten: Fix multiple integer overflows
- avcodec/shorten: Fix undefined shift in fix_bitshift()
- avcodec/shorten: Fix a negative left shift in shorten_decode_frame()
- avcodec/shorten: Sanity check nmeans
- avcodec/shorten: Check non COMM chunk len before skip in decode_aiff_header()
- avcodec/mjpegdec: Fix integer overflow in ljpeg_decode_rgb_scan()
- avcodec/truemotion2: Fix overflow in tm2_apply_deltas()
- avcodec/opus_silk: Change silk_lsf2lpc() slightly toward silk/NLSF2A.c
- avcodec/amrwbdec: Fix division by 0 in find_hb_gain()
- avcodec/h263dec: Reinitialize idct context if it has not been setup for the active profile
- avcodec/idctdsp: Clear idct/idct_add for studio profile
- avformat/mov: replace a value error by clipping into valid range in mov_read_stsc()
- avformat/bintext: Reduce detection for random .bin files as it more likely is not a multimedia related file
- avformat/mov: Break out early if chunk_count is 0 in mov_build_index()
- avcodec/fic: Avoid some magic numbers related to cursors
- avcodec/mpeg4video: Detect reference studio streams as studio streams
- avcodec/mpeg4videodec: Do not corrupt bits_per_raw_sample
- avcodec/mpeg4videode: Eliminate out of loop VOP startcode reading for studio profile
- avcodec/g2meet: ask for sample with overflowing RGB
- avcodec/idctdsp: Transmit studio_profile to init instead of using AVCodecContext profile
- avcodec/ac3dec: Check that the number of channels with dependant streams is valid
- avcodec/ac3dec: Fix null pointer dereference in ac3_decode_frame()
- avcodec/aacdec_fixed: use 64bit to avoid overflow in rounding in apply_dependent_coupling_fixed()
- oavcodec/aacpsdsp_template: Use unsigned for hs0X to prevent undefined behavior
- avcodec/g723_1dec: Clip bits2 in both directions
- avcodec/mpeg4videoenc: Use 64 bit for times in mpeg4_encode_gop_header()
- avcodec/mlpdec: Only change noise_type if the related fields are valid
- indeo4: Decode all or nothing of a band header.
- avcodec/ac3dec: Use frame_size if superframe_size is 0
- avformat/mov: Only fail for STCO/STSC contradictions if both exist
- avcodec/dirac_dwt: Fix integer overflow in COMPOSE_DD97iH0 / COMPOSE_DD137iL0
- avcodec/fic: Check available input space for cursor
- avcodec/mpeg4videodec: Check bps (VOL header) before VOP for studio profile
- avcodec/g2meet: Check RGB upper limit
- avcodec/jpeg2000dec: Fix undefined shift in the jpeg2000_decode_packets_po_iteration() CPRL case
- avcodec/jpeg2000dec: Skip init for component in CPRL if nothing is to be done
- avcodec/g2meet: Change order of operations to avoid undefined behavior
- avcodec/flac_parser: Fix infinite loop
- avcodec/mpeg4videodec: Split decode_studio_vol_header() out of decode_studiovisualobject()
- avcodec/mpeg4videodec: Move decode_studiovisualobject() parsing in the branch for visual object parsing
- avcodec/mpeg4video_parser: Avoid litteral 0x1B6, use named constant instead
- avcodec/mpeg4video_parser: Fix incorrect spliting of MPEG-4 studio frames
- avformat/m4vdec: Use the same constant names as libavcodec
- avformat/m4vdec: Fix detection of raw MPEG-4 ES Studio
- avcodec/wavpack: Fix integer overflow in DEC_MED() / INC_MED()
- avcodec/wavpack: Fix integer overflow in wv_unpack_stereo()
- avcodec/error_resilience: Fix integer overflow in filter181()
- avcodec/h263dec: Check slice_ret in mspeg4 slice loop
- avcodec/elsdec: Fix memleaks
- avcodec/vc1_block: simplify ac_val computation
- avcodec/ffv1enc: Check that the crc + version combination is supported
- configure: The eac3_core bitstream filter needs the ac3 parser.
- configure: fix arm inline asm checks
- lavf/libssh: translate a read of 0 to EOF
- ffprobe: fix SEGV when new streams are added
- avformat/mpegts: fix incorrect indentation
- avformat/mpegts: initialize section_buf to fix valgrind test failure
- avformat/mpegts: reindent after last change
- avformat/mpegts: parse sections with multiple tables
- avformat/mpegts: clean up whitespace
- avformat/mpegts: use MAX_SECTION_SIZE instead of hardcoded value
- avformat/mpegts: skip non-PMT tids earlier
- avcodec/mediacodecdec: add workaround for buggy amlogic mpeg2 decoder
- avcodec/mediacodecdec: wait on first frame after input buffers are full
- avcodec/mediacodecdec: restructure mediacodec_receive_frame
- avcodec/mediacodec_wrapper: add helper to fetch SDK_INT
- avcodec/mediacodecdec: refactor pts handling
- avcodec/mediacodecdec: use AV_TIME_BASE_Q
- avcodec/mediacodecdec: clarify delay_flush specific code
- avcodec/videotoolbox: fix decoding of some HEVC videos
- avcodec/hevc: remove videotoolbox hack
- avcodec/videotoolbox: split h264/hevc callbacks
- avcodec/videotoolbox: cleanups
- avcodec/videotoolbox: fix kVTCouldNotFindVideoDecoderErr trying to decode HEVC on iOS
- avcodec/videotoolbox: improve logging of decoder errors
- avcodec/xwddec: fix palette alpha
- avformat/webm_chunk: always use a static buffer for get_chunk_filename
- configure: fix configure check for lilv-0
- avcodec/nvdec_hevc: fix scaling lists
- avcodec/hevcdec: make ff_hevc_frame_nb_refs take a const pointer
- lavf/bluray: translate a read of 0 to EOF
- lavf/dashenc: don't call flush_init_segment before avformat_write_header
- avdevice/decklink_dec: unref packets on avpacket_queue_put error
- avcodec/hnm4video: fix palette alpha
- avcodec/anm: fix palette alpha
- avformat/qtpalette: parse color table according to the QuickTime file format specs
- ffplay: Fix realloc_texture when input texture is NULL.
- hwcontext_vaapi: Fix compilation with libva versions < 1.4.0
- lavf/qsv: clone the frame which may be managed by framework
- lavf: make overlay_qsv work based on framesync
- avformat/segafilm - revert keyframe detection
- avformat/utils: refactor upstream_stream_timings
- avformat/utils: ignore outlier durations on subtitle/data streams as well
The package provides means of loading maths alphabets (such as
are normally addressed via macros \mathcal, \mathbb, \mathfrak
and \mathscr), offering various features normally missing in
existing packages for this job.
Major changes in 1.16.1 (2018-05-03)
This is a bug fix release.
Fix flaws in LDAP DN checking, including a null dereference KDC crash which could be triggered by kadmin clients with administrative privileges [CVE-2018-5729, CVE-2018-5730].
Fix a KDC PKINIT memory leak.
Fix a small KDC memory leak on transited or authdata errors when processing TGS requests.
Fix a regression in pkinit_cert_match matching of client certificates containing Microsoft UPN SANs.
Fix a null dereference when the KDC sends a large TGS reply.
Fix "kdestroy -A" with the KCM credential cache type.
Allow validation of Microsoft PACs containing enterprise names.
Fix the handling of capaths "." values.
Fix handling of repeated subsection specifications in profile files (such as when multiple included files specify relations in the same subsection).
Major changes in 1.16 (2017-12-05)
Administrator experience:
The KDC can match PKINIT client certificates against the "pkinit_cert_match" string attribute on the client principal entry, using the same syntax as the existing "pkinit_cert_match" profile option.
The ktutil addent command supports the "-k 0" option to ignore the key version, and the "-s" option to use a non-default salt string.
kpropd supports a --pid-file option to write a pid file at startup, when it is run in standalone mode.
The "encrypted_challenge_indicator" realm option can be used to attach an authentication indicator to tickets obtained using FAST encrypted challenge pre-authentication.
Localization support can be disabled at build time with the --disable-nls configure option.
Developer experience:
The kdcpolicy pluggable interface allows modules control whether tickets are issued by the KDC.
The kadm5_auth pluggable interface allows modules to control whether kadmind grants access to a kadmin request.
The certauth pluggable interface allows modules to control which PKINIT client certificates can authenticate to which client principals.
KDB modules can use the client and KDC interface IP addresses to determine whether to allow an AS request.
GSS applications can query the bit strength of a krb5 GSS context using the GSS_C_SEC_CONTEXT_SASL_SSF OID with gss_inquire_sec_context_by_oid().
GSS applications can query the impersonator name of a krb5 GSS credential using the GSS_KRB5_GET_CRED_IMPERSONATOR OID with gss_inquire_cred_by_oid().
kdcpreauth modules can query the KDC for the canonicalized requested client principal name, or match a principal name against the requested client principal name with canonicalization.
Protocol evolution:
The client library will continue to try pre-authentication mechanisms after most failure conditions.
The KDC will issue trivially renewable tickets (where the renewable lifetime is equal to or less than the ticket lifetime) if requested by the client, to be friendlier to scripts.
The client library will use a random nonce for TGS requests instead of the current system time.
For the RC4 string-to-key or PAC operations, UTF-16 is supported (previously only UCS-2 was supported).
When matching PKINIT client certificates, UPN SANs will be matched correctly as UPNs, with canonicalization.
User experience:
Dates after the year 2038 are accepted (provided that the platform time facilities support them), through the year 2106.
Automatic credential cache selection based on the client realm will take into account the fallback realm and the service hostname.
Referral and alternate cross-realm TGTs will not be cached, avoiding some scenarios where they can be added to the credential cache multiple times.
A German translation has been added.
Code quality:
The build is warning-clean under clang with the configured warning options.
The automated test suite runs cleanly under AddressSanitizer.
Major changes in 1.15.3 (2018-05-03)
This is a bug fix release.
Fix flaws in LDAP DN checking, including a null dereference KDC crash which could be triggered by kadmin clients with administrative privileges [CVE-2018-5729, CVE-2018-5730].
Fix a KDC PKINIT memory leak.
Fix a small KDC memory leak on transited or authdata errors when processing TGS requests.
Fix a null dereference when the KDC sends a large TGS reply.
Fix "kdestroy -A" with the KCM credential cache type.
Fix the handling of capaths "." values.
Fix handling of repeated subsection specifications in profile files (such as when multiple included files specify relations in the same subsection).
Major changes in 1.15.2 (2017-09-25)
This is a bug fix release.
Fix a KDC denial of service vulnerability caused by unset status strings [CVE-2017-11368]
Preserve GSS contexts on init/accept failure [CVE-2017-11462]
Fix kadm5 setkey operation with LDAP KDB module
Use a ten-second timeout after successful connection for HTTPS KDC requests, as we do for TCP requests
Fix client null dereference when KDC offers encrypted challenge without FAST
Ignore dotfiles when processing profile includedir directive
Improve documentation
Major changes in 1.15.1 (2017-03-01)
This is a bug fix release.
Allow KDB modules to determine how the e_data field of principal fields is freed
Fix udp_preference_limit when the KDC location is configured with SRV records
Fix KDC and kadmind startup on some IPv4-only systems
Fix the processing of PKINIT certificate matching rules which have two components and no explicit relation
Improve documentation
Major changes in 1.15 (2016-12-01)
Administrator experience:
Improve support for multihomed Kerberos servers by adding options for specifying restricted listening addresses for the KDC and kadmind.
Add support to kadmin for remote extraction of current keys without changing them (requires a special kadmin permission that is excluded from the wildcard permission), with the exception of highly protected keys.
Add a lockdown_keys principal attribute to prevent retrieval of the principal's keys (old or new) via the kadmin protocol. In newly created databases, this attribute is set on the krbtgt and kadmin principals.
Restore recursive dump capability for DB2 back end, so sites can more easily recover from database corruption resulting from power failure events.
Add DNS auto-discovery of KDC and kpasswd servers from URI records, in addition to SRV records. URI records can convey TCP and UDP servers and master KDC status in a single DNS lookup, and can also point to HTTPS proxy servers.
Add support for password history to the LDAP back end.
Add support for principal renaming to the LDAP back end.
Use the getrandom system call on supported Linux kernels to avoid blocking problems when getting entropy from the operating system.
In the PKINIT client, use the correct DigestInfo encoding for PKCS #1 signatures, so that some especially strict smart cards will work.
Code quality:
Clean up numerous compilation warnings.
Remove various infrequently built modules, including some preauth modules that were not built by default.
Developer experience:
Add support for building with OpenSSL 1.1.
Use SHA-256 instead of MD5 for (non-cryptographic) hashing of authenticators in the replay cache. This helps sites that must build with FIPS 140 conformant libraries that lack MD5.
Eliminate util/reconf and allow the use of autoreconf alone to regenerate the configure script.
Protocol evolution:
Add support for the AES-SHA2 enctypes, which allows sites to conform to Suite B crypto requirements.
Aspic is a program that processes a textual description of a line
art graphic, and converts it into a form that is suitable for
inclusion in another document. The default output format is
Encapsulated PostScript, but there is also support for Scalable
Vector Graphics (SVG), and there is legacy support for the SGCAL
text processor.
SDoP is a Simple DocBook Processor. It reads DocBook XML input and
writes PostScript output. This version has some support for almost
all the elements that are part of Simplified DocBook. The main
omissions are support for bibliographies, multiple authors, subtables
within tables, and some element attributes.
xfpt is a program that reads a marked-up ASCII source file, and
converts it into XML. It was written with DocBook XML in mind, but
can also be used for other forms of XML. Unlike AsciiDoc, xfpt does
not try to produce XML from a document that is also usable as a
freestanding ASCII document. The input for xfpt is very definitely
"marked up". This makes it less ambiguous for large and/or complicated
documents. xfpt is also much faster than AsciiDoc because it is
written in C and does not rely on pattern matching.
0.48.0:
- Add NullHandler to logger to fix python 2 issue.
- Fix the issue that websocket status message may not present
- Socket error not raised in nested try except in python2
- Load system default certificates if none are given
- Fix waiting forever on ping/pong timeout
- socks5 via pysocks support
- v0.47.0 breaks ability to stop stream with run_forever
- _http.py: fix windows proxy error due to socktype
This package shares a PKG_OPTIONS variable with the other ffmpeg
packages, so a user who requests the x264 option for them will end
up with a broken package for ffmpeg010.
This package shares a PKG_OPTIONS variable with the other ffmpeg
packages, so a user who requests the x264 option for them will end
up with a broken package for ffmpeg1.
Only one patch, fixing keymap compilation errors when the keycodes maximum
is set to a value above the permitted X11 maximum of 255. While we already
ignored keys with codes above 255, we still failed on the maximum=374;
line that xkeyboard-config 2.24 produces now.
Furl v1.1
Fixed: Support and preserve all query strings as provided. For example, preserve
the query '&&==' of 'http://foo.com?&&==' as-is. Empty key=value pairs are
stored as ('', None) in Query.params, e.g. [('', None), ('', None)] for the
query '&'.
Changed: Don't encode equal signs ('=') in query values if the key is empty.
That is, allow and preserve queries like '?==3==' while also percent encoding
equal signs in query values with an associted key, as expected. E.g.
'?a=1%3D1'.
Changes 2.8:
add support for setting atime, ctime, mtime and birthtime
tell libarchive when writing an archive is aborted due to an exception
add support for getting uid and gid
add support for high resolution timestamps
add two new archive readers: stream_reader and custom_reader
add missing archive extraction flags
add the lz4 and warc formats
add support for write options and uid/gid lookup
Version 0.11.1:
Enable test case for urlpatterns variable which was previously disabled
Disable unused-argument message for the request argument passed to view functions.
Add transformations for model_utils managers instead of special-casing them.
v0.4.0
This version made some changes to how JS and CSS were included when the theme is used on Read the Docs.
Fixes
- Do not rely on readthedocs.org for CSS/JS
- Color accessibility improvements on the left navigation
Other Changes
- Write theme version and build date at top of JavaScript and CSS
- Changed code and literals to use a native font stack
- Fix small styling issues
2.5.4:
Fix: Cannot read files with 3D charts.
Fix: Merged cells take a long time to parse
Minor changes
Improve read support for pivot tables and don't always create a Filters child for filterColumn objects.
Support folding rows
