Version 1.2.9
Fixed issue where chaining multiple join elements inside of Query.join() might not correctly adapt to the previous left-hand side, when chaining joined inheritance classes that share the same base class.
Fixed bug in cache key generation for baked queries which could cause a too-short cache key to be generated for the case of eager loads across subclasses. This could in turn cause the eagerload query to be cached in place of a non-eagerload query, or vice versa, for a polymorhic “selectin” load, or possibly for lazy loads or selectin loads as well.
Fixed bug in new polymorphic selectin loading where the BakedQuery used internally would be mutated by the given loader options, which would both inappropriately mutate the subclass query as well as carry over the effect to subsequent queries.
Fixed regression caused by 4256 (itself a regression fix for 4228) which breaks an undocumented behavior which converted for a non-sequence of entities passed directly to the Query constructor into a single-element sequence. While this behavior was never supported or documented, it’s already in use so has been added as a behavioral contract to Query.
Fixed an issue that was both a performance regression in 1.2 as well as an incorrect result regarding the “baked” lazy loader, involving the generation of cache keys from the original Query object’s loader options. If the loader options were built up in a “branched” style using common base elements for multiple options, the same options would be rendered into the cache key repeatedly, causing both a performance issue as well as generating the wrong cache key. This is fixed, along with a performance improvement when such “branched” options are applied via Query.options() to prevent the same option objects from being applied repeatedly.
version 0.9.10
The "op.drop_constraint()" directive will now render using repr() for
the schema name, in the same way that "schema" renders for all the other op
directives.
Added basic capabilities for external dialects to support rendering of
"nested" types, like arrays, in a manner similar to that of the Postgresql
dialect.
Fixed issue where "autoincrement=True" would not render for a column that
specified it, since as of SQLAlchemy 1.1 this is no longer the default
value for "autoincrement". Note the behavior only takes effect against the
SQLAlchemy 1.1.0 and higher; for pre-1.1 SQLAlchemy, "autoincrement=True"
does not render as was the case before.
Python 3.7.0 is the newest major release of the Python language, and it contains many new features and optimizations.
Among the major new features in Python 3.7 are:
PEP 539, new C API for thread-local storage
PEP 545, Python documentation translations
New documentation translations: Japanese, French, and Korean.
PEP 552, Deterministic pyc files
PEP 553, Built-in breakpoint()
PEP 557, Data Classes
PEP 560, Core support for typing module and generic types
PEP 562, Customization of access to module attributes
PEP 563, Postponed evaluation of annotations
PEP 564, Time functions with nanosecond resolution
PEP 565, Improved DeprecationWarning handling
PEP 567, Context Variables
Avoiding the use of ASCII as a default text encoding (PEP 538, legacy C locale coercion and PEP 540, forced UTF-8 runtime mode)
The insertion-order preservation nature of dict objects is now an official part of the Python language spec.
Notable performance improvements in many areas.
Version 3.6.6:
Core and Builtins
* Fix asynchronous generators to handle GeneratorExit in athrow() correctly
* Fixed reset of the SIGINT handler to SIG_DFL on interpreter shutdown even when there was a custom handler set previously.
* Fixed a leak when the garbage collector fails to add an object with the __del__ method or referenced by it into the gc.garbage list. PyGC_Collect() can now be called when an exception is set and preserves it.
* Fix signed/unsigned comparison warning in pyhash.c.
* Fix a leak in set_symmetric_difference().
* Fix unaligned accesses in siphash24().
* Fix potential memory leak in normalizestring().
* Improved error messages in ‘async with’ when __aenter__() or __aexit__() return non-awaitable object.
* Fix ma_version_tag in dict implementation is uninitialized when copying from key-sharing dict.
* Fixed jumping when the function contains an async for loop.
* Fix an unnecessary ifdef in the include of VersionHelpers.h in socketmodule on Windows.
* Fix a crash in ctypes.cast() in case the type argument is a ctypes structured data type.
Library
* Prevent site.main() exception if PYTHONSTARTUP is set.
* Datetime instance d with non-None tzinfo, but with d.tzinfo.utcoffset(d) returning None is now treated as naive by the astimezone() method.
* Avoid race condition with debug logging
* The concatenation (+) and repetition (*) sequence operations now raise TypeError instead of SystemError when performed on mmap.mmap objects.
* Fix gather to propagate cancellation of itself even with return_exceptions.
* Fix a race condition in SSLProtocol.connection_made() of asyncio.sslproto: start immediately the handshake instead of using call_soon(). Previously, data_received() could be called before the handshake started, causing the handshake to hang or fail.
* Fixed bug where calling write_eof() on a _SelectorSocketTransport after it’s already closed raises AttributeError.
* Fix Task.__repr__ crash with Cython’s bogus coroutines
* Fix RuntimeError after closing loop that used run_in_executor
* Use a better regex when breaking usage into wrappable parts. Avoids bogus assertion errors from custom metavar strings.
* Fixed a bug in the Python implementation of the JSON decoder that prevented the cache of parsed strings from clearing after finishing the decoding. Based on patch by c-fos.
* tempfile._candidate_tempdir_list should consider common TEMP locations
* Prevent uuid.get_node from using a DUID instead of a MAC on Windows.
* Fix race condition with ReadTransport.resume_reading in Windows proactor event loop.
* Minor fixes in typing module: add annotations to NamedTuple.__new__, pass *args and **kwds in Generic.__new__.
* Updated alias mapping with glibc 2.27 supported locales.
* Fix trailing quotation marks getting deleted when looking up byte/string literals on pydoc.
* Update error message when constructing invalid inspect.Parameters
* Fixed crash in the get() method of the dbm.ndbm database object when it is called with a single argument.
* Fix multiprocessing regression on newer glibcs
* Fix quoting of the Comment attribute of http.cookies.SimpleCookie.
* Upgrade bundled version of pip to 10.0.1.
* Fixed a crash in the parser module when converting an ST object to a tree of tuples or lists with line_info=False and col_info=True.
* Fix FD leak in _SelectorSocketTransport
* Fix display of <module> call in the html produced by cgitb.html().
* random.Random.choice() now raises IndexError for empty sequences consistently even when called from subclasses without a getrandbits() implementation.
* Update difflib.mdiff() for PEP 479. Convert an uncaught StopIteration in a generator into a return-statement.
* End framing at the end of C implementation of pickle.Pickler.dump().
* The urllib.robotparser’s __str__ representation now includes wildcard entries and the “Crawl-delay” and “Request-rate” fields.
* Allow ttk.Treeview.insert to insert iid that has a false boolean value. Note iid=0 and iid=False would be same.
* The ssl module now compiles with LibreSSL 2.7.1.
* Release the GIL during fstat() calls, avoiding hang of all threads when calling mmap.mmap(), os.urandom(), and random.seed().
* Fix a regression in ipaddress that result of hosts() is empty when the network is constructed by a tuple containing an integer mask and only 1 bit left for addresses.
* Fix wrong redirection of a low descriptor (0 or 1) to stderr in subprocess if another low descriptor is closed.
* Fix output of cover files for trace module command-line tool. Previously emitted cover files only when --missing option was used.
* If nested log adapters are used, the inner process() methods are no longer omitted.
* Support arrays >=2GiB in ctypes.
* pydoc: the stop() method of the private ServerThread class now waits until DocServer.serve_until_quit() completes and then explicitly sets its docserver attribute to None to break a reference cycle.
Version 8.6.10:
Additions and changes
- Improve reproducibility of builds (e.g. support SOURCE_DATE_EPOCH)
- Add SVG output support
- Improve documentation
- Update translations
2018-06-30 Martin Mares <mj@ucw.cz>
* Released as 3.6.0.
* BARs reported by the OS, but not set on the device itself are
reliably marked with "[virtual]".
* Library: Introduced a generic mechanism of string properties. This
avoids lots of special cases and makes ABI compatibility easier.
* On Linux systems with OpenFirmware, report corresponding device tree
nodes as device properties.
* VPD decoder knows several non-standard extensions.
* When PCIe link speed is less than the maximum supported by the
device, it is explicitly marked as "downgraded".
* Several new capabilities are not decoded yet, but at least their
names are printed.
* The Null capability is easily decoded.
* Formatting of several capabilities was cleaned up.
* The VGA16 bit in the bridge control register is now supported.
* Added a port to SylixOS. Thanks to YuJian Gong for contribution.
* Added a port to DOS/DJGPP. Thanks to Rudolf Marek for contribution.
* The order in which back-ends are probed was decoupled from the
internal back-end IDs. This helps, because new back-ends must have
their ID allocated at the end to keep the ABI, but they might need
to be proved earlier.
* The fbsd-device back-end should work again.
* Fixed a couple of bugs. Most notably, DeviceName was not printed.
* As usually, updated pci.ids to the current snapshot of the database.
pkgsrc changes:
- Remove patch-gtklp_gtklp.h (no longer needed)
Changes:
1.3.3
-----
- code cleanups and small fixes
1.3.2
------
- support for custom page sizes
- new option "-F" to hide FileTab if file is given.
- Fix display of file arguments passed on the commandline.
- merge some small fixes
- fixed danish translation, thanks to scootergrisen
- fixed dutch translation, thanks to Pander
1.3.1
------
- spanish translation updated, thanks to Jose Luis Tirado
- new croatian translation, thanks to Zoran Spoja
1.3.0
------
- favorite printers patch, thanks to Amon Ott
- bugfixes and non-utf8-enhancements, thanks to Oleh Nykyforchyn
- fixes for autoconf/automake chain
1.2.10
------
- patch to work with AppArmor, thanks to Andreas Bolsch
- patch to compile against cups 1.6.0, thanks to Eric
1.2.9
-----
- always use -lX11
- print jobs not shown in gtklpq
- setting port for gtklpq not possible
- compile with X11-Libs
- code cleanups
1.2.8a
------
- patch to compile with cups 1.5, thanks to Bengt Ahlgren
1.2.8
-----
- remove "waiting" window
- new russian translation
cups was added as default recently without broad discussion. pkgsrc
has long declined to endorse/require a particular approach to printing
(because of the multitude of strong opinions about printing).
Defaulting to cups requires that everyone install it, and some object.
In addition, cups does not build on macos, resulting in all packages
depending on gtk3 being broken. The cups option is not enabled by
default on other packages. It seems that this option is not necessary
for programs using gtk3 to print on a cups-using system.
I'm reverting this as the freeze coordinator so that 2018Q2 has the
longstanding behavior. Longer term, the question of whether cups
should be a default option bears discussion, including about what the
cosequences are for those who do and don't use cups, whether it should
be per-package or global, and about whether we want to deviate on
systems that can't build cups. (Note that we are only talking about
the defaults and binary packages built using the defaults; it's long
been possible for anyone to enable the cups options globally for their
own builds.)
Patch from Matthias Ferdinand on pkgsrc-users.
The do_core_note function in readelf.c in libmagic.a in file
5.33 allows remote attackers to cause a denial of service
(out-of-bounds read and application crash) via a crafted ELF
file.
emacs26-nox11 is missing a fix made to emacs25, which disables ns
(nextstep) unconditionally. Otherwise, the build picks up system
libraries and builds a mac app, which does not match the PLIST, and is
not console-only as intended.
(The CONFIGURE_ARGS disabling scheme is inconsistent between emacs
version, but this is a minimal build fix during freeze.)
This package has long had patches to change "inline" to "static
inline", and somewhat recently added a SUBST_ stanza to do the same
thing, resulting in "static static inline". This commit drops the
patches, and has been build tested on netbsd-8/vbearmv7hf-el and MacOS
(and hence clang).
PKGREVISION++, even though in theory any previous build shouldn't change.
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.
It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
This package provides Firefox 60 ESR.
Securty fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12361: Integer overflow in SwizzleData
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments
#CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
#CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
Changelog:
New
Enhanced performance:
Faster page rendering with Quantum CSS improvements and the new
retained display list feature
Faster switching between tabs on Windows and Linux
WebExtensions now run in their own process on MacOS
Convenient access to more search engines: You can now add search engines
to the address bar "Search with" tool from the page action menu when on
a webpage that provides an OpenSearch plugin
Share links from Firefox for MacOS more easily: You can now share the URL
of an active tab from the page actions menu in the address bar
Improved security:
On-by-default support for the latest draft of the TLS 1.3 specification
Access to FTP subresources inside http(s) pages has been blocked
A more consistent user experience: Improvements for dark theme support
across the entire Firefox user interface
More customization for tab management: added support to allow WebExtensions
to hide tabs
Improved bookmark syncing
Fixed
Various security fixes
Changed
The settings for customizing your homepage and new tab page in Firefox
have been added to a new Preferences section that can be accessed from
Firefox at about:preferences#home. The settings can also be accessed via
the gear icon on the New Tab page.
Security fixes:
#CVE-2018-12359: Buffer overflow using computed size of canvas element
#CVE-2018-12360: Use-after-free when using focus()
#CVE-2018-12361: Integer overflow in SwizzleData
#CVE-2018-12358: Same-origin bypass using service worker and redirection
#CVE-2018-12362: Integer overflow in SSSE3 scaler
#CVE-2018-5156: Media recorder segmentation fault when track type is changed during capture
#CVE-2018-12363: Use-after-free when appending DOM nodes
#CVE-2018-12364: CSRF attacks through 307 redirects and NPAPI plugins
#CVE-2018-12365: Compromised IPC child process can list local filenames
#CVE-2018-12371: Integer overflow in Skia library during edge builder allocation
#CVE-2018-12366: Invalid data handling during QCMS transformations
#CVE-2018-12367: Timing attack mitigation of PerformanceNavigationTiming
#CVE-2018-12368: No warning when opening executable SettingContent-ms files
#CVE-2018-12369: WebExtension security permission checks bypassed by embedded experiments
#CVE-2018-12370: SameSite cookie protections bypassed when exiting Reader View
#CVE-2018-5186: Memory safety bugs fixed in Firefox 61
#CVE-2018-5187: Memory safety bugs fixed in Firefox 60 and Firefox ESR 60.1
#CVE-2018-5188: Memory safety bugs fixed in Firefox 60, Firefox ESR 60.1, and Firefox ESR 52.9
