Curl and libcurl 7.56.1
This release includes the following bugfixes:
o imap: if a FETCH response has no size, don't call write callback
o ftp: UBsan fixup 'pointer index expression overflowed
o failf: skip the sprintf() if there are no consumers
o fuzzer: move to using external curl-fuzzer
o lib/Makefile.m32: allow customizing dll suffixes
o docs: fix typo in curl_mime_data_cb man page
o darwinssl: add support for TLSv1.3
o build: fix --disable-crypto-auth
o lib/config-win32.h: let SMB/SMBS be enabled with OpenSSL/NSS
o openssl: fix build without HAVE_OPAQUE_EVP_PKEY
o strtoofft: Remove extraneous null check
o multi_cleanup: call DONE on handles that never got that
o tests: added flaky keyword to tests 587 and 644
o pingpong: return error when trying to send without connection
o remove_handle: call multi_done() first, then clear dns cache pointer
o mime: be tolerant about setting twice the same header list in a part.
o mime: improve unbinding top multipart from easy handle.
o mime: avoid resetting a part's encoder when part's contents change.
o mime: refuse to add subparts to one of their own descendants
o RTSP: avoid integer overflow on funny RTSP responses
o curl: don't pass semicolons when parsing Content-Disposition
o openssl: enable PKCS12 support for !BoringSSL
o FAQ: s/CURLOPT_PROGRESSFUNCTION/CURLOPT_XFERINFOFUNCTION
o CURLOPT_NOPROGRESS.3: also refer to xferinfofunction
o CURLOPT_XFERINFODATA.3: fix duplicate see also
o test298: verify --ftp-method nowcwd with URL encoded path
o FTP: URL decode path for dir listing in nocwd mode
o smtp_done: fix memory leak on send failure
o ftpserver: support case insensitive commands
o test950; verify SMTP with custom request
o openssl: don't use old BORINGSSL_YYYYMM macros
o setopt: update current connection SSL verify params
o winbuild/BUILD.WINDOWS.txt: mention WITH_NGHTTP2
o curl: reimplement stdin buffering in -F option
o mime: keep "text/plain" content type if user-specified
o mime: fix the content reader to handle >16K data properly
o configure: remove the C++ compiler check
o memdebug: trace send, recv and socket
o runtests: use valgrind for torture as well
o ldap: silence clang warning
o makefile.m32: allow to override gcc, ar and ranlib
o setopt: avoid integer overflows when setting millsecond values
o setopt: range check most long options
o ftp: reject illegal IP/port in PASV 227 response
o mime: do not reuse previously computed multipart size
o vtls: change struct Curl_ssl `close' field name to `close_one'
o os400: add missing symbols in config file
o mime: limit bas64-encoded lines length to 76 characters
o mk-ca-bundle: Remove URL for aurora
o mk-ca-bundle: Fix URL for NSS
2.0.29:
- Bugfix: Preserve submit order for radio inputs.
- Fixed 186: avoid UnicodeDecodeError in linter with py2 when a header contain
non ascii chars
2.3.0:
Features
--------
Add SSL related params to ClientSession.request
Make enable_compression work on HTTP/1.0
Deprecate registering synchronous web handlers
Switch to multidict 3.0. All HTTP headers preserve casing now but compared in case-insensitive way.
Improvement for normalize_path_middleware. Added possibility to handle URLs with query string.
Use towncrier for CHANGES.txt build
Implement trust_env=True param in ClientSession.
Added variable to customize proxy headers
Implement router.add_routes and router decorators.
Deprecated BaseRequest.has_body in favor of BaseRequest.can_read_body Added BaseRequest.body_exists attribute that stays static for the lifetime of the request
Provide BaseRequest.loop attribute
Make _CoroGuard awaitable and fix ClientSession.close warning message
Responses to redirects without Location header are returned instead of raising a RuntimeError
Added get_client, get_server, setUpAsync and tearDownAsync methods to AioHTTPTestCase
Add automatically a SafeChildWatcher to the test loop
add ability to disable automatic response decompression
Add support for throttling DNS request, avoiding the requests saturation when there is a miss in the DNS cache and many requests getting into the connector at the same time.
Use request for getting access log information instead of message/transport pair. Add RequestBase.remote property for accessing to IP of client initiated HTTP request.
json() raises a ContentTypeError exception if the content-type does not meet the requirements instead of raising a generic ClientResponseError.
Make the HTTP client able to return HTTP chunks when chunked transfer encoding is used.
add append_version arg into StaticResource.url and StaticResource.url_for methods for getting an url with hash (version) of the file.
Fix parsing the Forwarded header. * commas and semicolons are allowed inside quoted-strings; * empty forwarded-pairs (as in for=_1;;by=_2) are allowed; * non-standard parameters are allowed (although this alone could be easily done in the previous parser).
Don’t require ssl module to run. aiohttp does not require SSL to function. The code paths involved with SSL will only be hit upon SSL usage. Raise RuntimeError if HTTPS protocol is required but ssl module is not present.
Accept coroutine fixtures in pytest plugin
Call shutdown_asyncgens before event loop closing on Python 3.6.
Speed up Signals when there are no receivers
Raise InvalidURL instead of ValueError on fetches with invalid URL.
Move DummyCookieJar into cookiejar.py
run_app: Make print=None disable printing
Support brotli encoding (generic-purpose lossless compression algorithm)
Add server support for WebSockets Per-Message Deflate. Add client option to add deflate compress header in WebSockets request header. If calling ClientSession.ws_connect() with compress=15 the client will support deflate compress negotiation.
Support verify_ssl, fingerprint, ssl_context and proxy_headers by client.ws_connect.
Added aiohttp.ClientConnectorSSLError when connection fails due ssl.SSLError
aiohttp.web.Application.make_handler support access_log_class
Build HTTP parser extension in non-strict mode by default.
Bugfixes
--------
Clear auth information on redirecting to other domain
Fix missing app.loop on startup hooks during tests
Fix issue with synchronous session closing when using ClientSession as an asynchronous context manager.
Fix issue with CookieJar incorrectly expiring cookies in some edge cases.
Force use of IPv4 during test, this will make tests run in a Docker container
Warnings about unawaited coroutines now correctly point to the user’s code.
Fix issue with IndexError being raised by the StreamReader.iter_chunks() generator.
Support HTTP 308 Permanent redirect in client class.
Fix FileResponse sending empty chunked body on 304.
Do not add Content-Length: 0 to GET/HEAD/TRACE/OPTIONS requests by default.
Fix parsing the Forwarded header according to RFC 7239.
Securely determining remote/scheme/host
Fix header name parsing, if name is split into multiple lines
Handle session close during connection, KeyError: <aiohttp.connector._TransportPlaceholder>
Fixes uncaught TypeError in helpers.guess_filename if name is not a string
Raise OSError on async DNS lookup if resolved domain is an alias for another one, which does not have an A or CNAME record.
Fix incorrect warning in StreamReader.
Properly clone state of web request
Fix C HTTP parser for cases when status line is split into different TCP packets.
Fix web.FileResponse overriding user supplied Content-Type
5.2.0
Allow setting token via jupyter_token env.
Fix some errors caused by raising 403 in get_current_user.
Register contents_manager.files_handler_class directly.
Ensure that keyboard shortcuts are disabled when editing them.
Make all files in the dashboard editable by default and provide a whitelist of viewable file extensions.
The root directory of the notebook server should never be hidden.
Fix notebook require config to match tools/build-main.
Give page constructor default arguments.
Fix codemirror.less to match codemirror's expected padding layout.
Addx-xsrftoken to access-control-allow-headers.
Buffer messages when websocket connection is interrupted.
Load locale dynamically only when not en-us.
Changed key strength to 2048 bits.
Resyncjsversion with python version.
Allow copy operation on modified, read-only notebook.
Update error handling on apihandlers.
Test python 3.6 on travis, drop 3.3.
Avoid base64-literals in image tests.
Upgrade xterm.js to 2.9.2.
Changed all python variables named file to file_name to not override built_in file.
Add more doc tests.
Typos fix.
Rename and update license.
Travis builds doc.
Pull request i18n.
Factor out output_prompt_function, as is done with input prompt.
Use rfc5987 encoding for filenames.
Added path to the resources metadata, the same as in from_filename(...) in nbconvert.exporters.py.
Make "extrakeys" consistent for notebook and editor.
Bidi support.
4.4.0:
- Explicitly state that metadata fields can be ignored.
- Introduce official jupyter namespace inside metadata (``metadata.jupyter``).
- Introduce ``source_hidden`` and ``outputs_hidden`` as official front-end
metadata fields to indicate hiding source and outputs areas. **NB**: These
fields should not be used to hide elements in exported formats.
- Fix ending the redundant storage of signatures in the signature database.
- :func:`nbformat.validate` can be set to not raise a ValidationError if
additional properties are included.
- Fix for errors with connecting and backing up the signature database.
- Dict-like objects added to NotebookNode attributes are now transformed to be
NotebookNode objects; transformation also works for `.update()`.
7.47 2017-10-05
- Added multipart content generator to Mojo::UserAgent::Transactor.
- Fixed a bug in Mojo::File where parts of a path could get accidentally
upgraded from bytes to characters.
This plugin is a generic drag-and-drop ordering module for sorting objects in
the List, the Stacked- and the Tabular-Inlines Views in the Django Admin
interface.
This module offers simple mixin classes which enrich the functionality of any
existing class derived from admin.ModelAdmin, admin.StackedInline or
admin.TabularInline.
Thus it makes it very easy to integrate with existing models and their model
admin interfaces. Existing models can inherit from models.Model or any other
class derived thereof. No special base class is required.
and exporting data with included admin integration.
Features:
* support multiple formats (Excel, CSV, JSON, ... and everything else that
tablib support)
* admin integration for importing
* preview import changes
* admin integration for exporting
* export data respecting admin filters
Version 3.7.1
Fix Interactive documentation always uses false for boolean fields in requests
Improve compatibility with Django 2.0 alpha.
Improved handling of schema naming collisions
Added additional docs and tests around providing a default value for dotted source fields
1.1.0:
Features
* Waitress now has a __main__ and thus may be called with python -mwaitress
Bugfixes
* Waitress no longer allows lowercase HTTP verbs. This change was made to fall in line with most HTTP servers.
* When receiving non-ascii bytes in the request URL, waitress will no longer abruptly close the connection, instead returning a 400 Bad Request.
Contao 4.4.7 is available 12.10.2017 16:12 by Leo Feyer
Contao version 4.4.7 is available. The bugfix release fixes several minor
issues, including a problem with the back end referrer management.
Version 5.0:
No longer allow multiple=True and null=True together. This causes problems saving the field, and null shouldn’t really be used anyway because the country field is a subclass of CharField.
The curl() and curl_download() functions provide highly configurable
drop-in replacements for base url() and download.file() with better
performance, support for encryption (https, ftps), gzip compression,
authentication, and other 'libcurl' goodies. The core of the package
implements a framework for performing fully customized requests where
data can be processed either in memory, on disk, or streaming via the
callback or connection interfaces.
Changelog:
Nextcloud 12.0.3 delivers a lot of enhancements in various areas including:
A number of improvements to email notification templates
2FA enhancements
Smarter LDAP password handling
File Drop and upload-in-general updates
A performance improvement handling large files
llgal (0.13.19)
* The llgal website has moved to http://bgoglin.free.fr/llgal
* The repository moved to http://github.com/bgoglin/llgal
* The mailing list is now llgal@googlegroups.com
-- Brice Goglin <Brice.Goglin@ens-lyon.org> Thu, 10 Aug 2017 20:24:00 +0200
llgal (0.13.18)
* Fix slidenames for subgalleries when -n is used
(reported by Richard Betham in Debian bug #652929).
* Fix the recognition of existing captions file entries when filenames
contain special characters.
* Check whether there is a user-given thumbnail before listing as links
when -L is given.
Thanks to Gabor Kiss for the patch in Debian bug #683809.
* Make --cf work with subdirectory entries by not removing the extension
and just using the entire directory name (reported by Bruno Raoult).
* New option (thumbnails_dimensions_from_css) to avoid any thumbnail
dimension in generated HTML.
* Add support for replacing <!--EXIF-*--> with the corresponding Exif
tag in the slide template. Thanks to Charles Nepote.
* Really initialize exiftool only once per gallery.
-- Brice Goglin <Brice.Goglin@ens-lyon.org> Mon, 01 Aug 2016 22:25:00 +0200
llgal (0.13.17)
* Fix the description of -n in the manpage (thanks Paul Menzel
in Debian bug #579096).
* Fix miscellaneous typos everywhere, reported by Debian's lintian.
* Adapt default convert command-line for graphicsmagick compatibility
(reported by Kenyon Ralph in Debian bug #604106).
-- Brice Goglin <Brice.Goglin@ens-lyon.org> Tue, 02 Aug 2011 12:31:00 +0100
Version 3.5.30 (2017-10-06)
---------------------------
### Fixed
Filter multi-day events outside the scope in the event list (see #8792).
### Fixed
Correctly show multi-day events if the shortened view is disabled (see #8782).
1.8.0:
- Updated return formats for not content negotiation situations
- Included license in the MANIFEST
- Added explicit support for RDF/XML as allowed format
- Added proper shebang
- Moved keepalive as optional dependency
- Fixed hash check on prefixes
- Fixed epydoc warnings
Bugfixes:
* Made the CharField form field convert whitespace-only values to the empty_value when strip is enabled.
* Fixed crash when using the name of a model’s autogenerated primary key (id) in an Index’s fields.
* Fixed a regression in Django 1.9 where a custom view error handler such as handler404 that accesses csrf_token could cause CSRF verification failures on other pages
Version 0.8
Main changes:
* `Browser` and `StatefulBrowser` can now be configured to raise a
`LinkNotFound` exception when encountering a 404 Not Found error.
This is activated by passing `raise_on_404=True` to the constructor.
It is disabled by default for backward compatibility, but is highly
recommanded.
* `Browser` now has a `__del__` method that closes the current session
when the object is deleted.
* A `Link` object can now be passed to `follow_link`.
* The user agent can now be customized. The default includes
`MechanicalSoup` and its version.
* There is now a direct interface to the cookiejar in `*Browser`
classes (`(set|get)_cookiejar` methods).
* This is the last MechanicalSoup version supporting Python 2.6 and
3.3.
Bug fixes:
* We used to crash on forms without action="..." fields.
* The `choose_submit` method has been fixed, and the `btnName`
argument of `StatefulBrowser.submit_selected` is now a shortcut for
using `choose_submit`.
* Arguments to `open_relative` were not properly forwarded.
Internal changes:
* The testsuite has been greatly improved. It now uses the pytest API
(not only the `pytest` launcher) for more concise code.
* The coverage of the testsuite is now measured with codecov.io. The
results can be viewed on:
https://codecov.io/gh/hickford/MechanicalSoup
* We now have a requires.io badge to help us tracking issues with
dependencies. The report can be viewed on:
https://requires.io/github/hickford/MechanicalSoup/requirements/
* The version number now appears in a single place in the source code.
Changes with Apache 2.4.28
*) SECURITY: CVE-2017-9798 (cve.mitre.org)
Corrupted or freed memory access. <Limit[Except]> must now be used in the
main configuration file (httpd.conf) to register HTTP methods before the
.htaccess files.
*) event: Avoid possible blocking in the listener thread when shutting down
connections.
*) mod_speling: Don't embed referer data in a link in error page.
*) htdigest: prevent a buffer overflow when a string exceeds the allowed max
length in a password file.
*) mod_proxy: loadfactor parameter can now be a decimal number (eg: 1.25).
*) mod_proxy_wstunnel: Allow upgrade to any protocol dynamically.
*) mod_watchdog/mod_proxy_hcheck: Time intervals can now be spefified
down to the millisecond. Supports 'mi' (minute), 'ms' (millisecond),
's' (second) and 'hr' (hour!) time suffixes.
*) mod_http2: Fix for stalling when more than 32KB are written to a
suspended stream.
*) build: allow configuration without APR sources.
*) mod_ssl, ab: Fix compatibility with LibreSSL.
*) core/log: Support use of optional "tag" in syslog entries.
*) mod_proxy: Fix ProxyAddHeaders merging.
*) core: Disallow multiple Listen on the same IP:port when listener buckets
are configured (ListenCoresBucketsRatio > 0), consistently with the single
bucket case (default), thus avoiding the leak of the corresponding socket
descriptors on graceful restart.
*) event: Avoid listener periodic wake ups by using the pollset wake-ability
when available.
*) mod_proxy_wstunnel: Fix detection of unresponded request which could have
led to spurious HTTP 502 error messages sent on upgrade connections.
Version 2.1.1:
**Bug fixes**
* Fix ``setup.py`` opening files when ``LANG=``.
Version 2.1:
**Security fixes**
* Convert control characters (backspace particularly) to "?" preventing
malicious copy-and-paste situations.
See `<https://github.com/mozilla/bleach/issues/298>`_ for more details.
This affects all previous versions of Bleach. Check the comments on that
issue for ways to alleviate the issue if you can't upgrade to Bleach 2.1.
**Backwards incompatible changes**
* Redid versioning. ``bleach.VERSION`` is no longer available. Use the string
version at ``bleach.__version__`` and parse it with
``pkg_resources.parse_version``.
* clean, linkify: linkify and clean should only accept text types
* clean, linkify: accept only unicode or utf-8-encoded str
**Bug fixes**
* ``bleach.clean()`` no longer unescapes entities including ones that are missing
a ``;`` at the end which can happen in urls and other places.
* linkify: fix http links inside of mailto links
* clarify security policy in docs
* fix dependency specification for html5lib 1.0b8, 1.0b9, and 1.0b10
* add Bleach vs. html5lib comparison to README
* fix KeyError exceptions on tags without href attr
* add test website and scripts to test ``bleach.clean()`` output in browser
2.1:
Added testing for Django 1.11 (no code changes were required).
Added support for Django 2.0.
Dropped testing for Python 3.3 (now end-of-life) on Django 1.8.
Curl and libcurl 7.56.0
This release includes the following changes:
o curl: enable compression for SCP/SFTP with --compressed-ssh [11]
o libcurl: enable compression for SCP/SFTP with CURLOPT_SSH_COMPRESSION [11]
o vtls: added dynamic changing SSL backend with curl_global_sslset() [28]
o new MIME API, curl_mime_init() and friends [32]
o openssl: initial SSLKEYLOGFILE implementation [36]
This release includes the following bugfixes:
o FTP: zero terminate the entry path even on bad input [67]
o examples/ftpuploadresume.c: use portable code
o runtests: match keywords case insensitively
o travis: build the examples too [1]
o strtoofft: reduce integer overflow risks globally [2]
o zsh.pl: produce a working completion script again [3]
o cmake: remove dead code for CURL_DISABLE_RTMP [4]
o progress: Track total times following redirects [5]
o configure: fix --disable-threaded-resolver [6]
o cmake: remove dead code for DISABLED_THREADSAFE [7]
o configure: fix clang version detection
o darwinssi: fix error: variable length array used
o travis: add metalink to some osx builds [8]
o configure: check for __builtin_available() availability [9]
o http_proxy: fix build error for CURL_DOES_CONVERSIONS [10]
o examples/ftpuploadresume: checksrc compliance
o ftp: fix CWD when doing multicwd then nocwd on same connection [12]
o system.h: remove all CURL_SIZEOF_* defines [13]
o http: Don't wait on CONNECT when there is no proxy [14]
o system.h: check for __ppc__ as well [15]
o http2_recv: return error better on fatal h2 errors [16]
o scripts/contri*sh: use "git log --use-mailmap"
o tftp: fix memory leak on too long filename [17]
o system.h: fix build for hppa [18]
o cmake: enable picky compiler options with clang and gcc [19]
o makefile.m32: add support for libidn2 [20]
o curl: turn off MinGW CRT's globbing [21]
o request-target.d: mention added in 7.55.0
o curl: shorten and clean up CA cert verification error message [22]
o imap: support PREAUTH [23]
o CURLOPT_USERPWD.3: see also CURLOPT_PROXYUSERPWD
o examples/threaded-ssl: mention that this is for openssl before 1.1
o winbuild: fix embedded manifest option [24]
o tests: Make sure libtests & unittests call curl_global_cleanup()
o system.h: include sys/poll.h for AIX [25]
o darwinssl: handle long strings in TLS certs [26]
o strtooff: fix build for systems with long long but no strtoll [27]
o asyn-thread: Improved cleanup after OOM situations
o HELP-US.md: "How to get started helping out in the curl project" [29]
o curl.h: CURLSSLBACKEND_WOLFSSL used wrong value [30]
o unit1301: fix error message on first test
o ossfuzz: moving towards the ideal integration [31]
o http: fix a memory leakage in checkrtspprefix()
o examples/post-callback: stop returning one byte at a time
o schannel: return CURLE_SSL_CACERT on failed verification [33]
o MAIL-ETIQUETTE: added "1.9 Your emails are public"
o http-proxy: treat all 2xx as CONNECT success [34]
o openssl: use OpenSSL's default ciphers by default [35]
o runtests.pl: support attribute "nonewline" in part verify/upload
o configure: remove --enable-soname-bump and SONAME_BUMP [37]
o travis: add c-ares enabled builds linux + osx [38]
o vtls: fix WolfSSL 3.12 build problems [39]
o http-proxy: when not doing CONNECT, that phase is done immediately [40]
o configure: fix curl_off_t check's include order [41]
o configure: use -Wno-varargs on clang 3.9[.X] debug builds
o rtsp: do not call fwrite() with NULL pointer FILE * [42]
o mbedtls: enable CA path processing [43]
o travis: add build without HTTP/SMTP/IMAP
o checksrc: verify more code style rules [44]
o HTTP proxy: on connection re-use, still use the new remote port [45]
o tests: add initial gssapi test using stub implementation [46]
o rtsp: Segfault when using WRITEDATA [47]
o docs: clarify the CURLOPT_INTERLEAVE* options behavior
o non-ascii: use iconv() with 'char **' argument [48]
o server/getpart: provide dummy function to build conversion enabled
o conversions: fix several compiler warnings
o openssl: add missing includes [49]
o schannel: Support partial send for when data is too large [50]
o socks: fix incorrect port number in SOCKS4 error message [51]
o curl: fix integer overflow in timeout options [52]
o travis: on mac, don't install openssl or libidn [53]
o cookies: reject oversized cookies instead of truncating [54]
o cookies: use lock when using CURLINFO_COOKIELIST [55]
o curl: check fseek() return code and bail on error
o examples/post-callback: use long for CURLOPT_POSTFIELDSIZE
o openssl: only verify RSA private key if supported [56]
o tests: make the imap server not verify user+password [57]
o imap: quote atoms properly when escaping characters [58]
o tests: fix a compiler warning in test 643
o file_range: avoid integer overflow when figuring out byte range [59]
o curl.h: include <sys/select.h> on cygwin too [60]
o reuse_conn: don't copy flags that are known to be equal [61]
o http: fix adding custom empty headers to repeated requests [62]
o docs: clarify the use of environment variables for proxy [63]
o docs: link CURLOPT_CONNECTTIMEOUT and CURLOPT_CONNECTTIMEOUT_MS [64]
o connect: fix race condition with happy eyeballs timeout [65]
o cookie: fix memory leak if path was set twice in header [66]
o vtls: compare and clone ssl configs properly [68]
o proxy: read the "no_proxy" variable only if necessary [69]
