4.8.0
- Cleanly shutdown integrated event loops when shutting down the kernel.
- %gui qt now uses Qt 5 by default rather than Qt 4, following a similar
change in terminal IPython.
- Fix event loop integration for :mod:asyncio when run with Tornado 5,
which uses asyncio where available.
Changes in Jupyter Client 5.2.2
- Fix :meth:.KernelSpecManager.get_all_specs method in subclasses
that only override :meth:.KernelSpecManager.find_kernel_specs
and :meth:.KernelSpecManager.get_kernel_spec.
- Eliminate occasional error messages during process exit.
- Improve error message when attempting to bind on invalid address.
- Add missing direct dependency on tornado
all security advisory up to and including XSA254.
While there pass XEN_VENDORVERSION=nb${PKGREVISION} to make so that
'xl info' shows the NetBSD PKGREVISION. If PKGREVISION is not available,
define this as 'nb0'.
From DESCR:
This Python module allows you to create TCP connections through a SOCKS proxy
without any special effort.
This is needed as one of the dependencies of py-gsutil, as noted in
PR pkg/52941.
Changelog:
Changes from 1.4.0 to 1.4.1:
----------------------------
* Bug fixes:
- revert some quoting changes because they don't work well with certain
GCC edge cases (#168)
* Enhancements:
- add limited support for --cflags with --msvc-syntax
Changes from 1.3.7 to 1.4.0:
----------------------------
* Notable libpkgconf API changes:
- pkgconf_pkg_t.requires has been renamed to pkgconf_pkg_t.required for
C++20 compatibility.
* Enhancements:
- pkgconf and libpkgconf has been ported to Windows as native binaries.
- improved compatibility with freedesktop.org pkg-config's ${pc_sysrootdir}
usage pattern.
- do not mention PKG_CONFIG_SKIP_CONFLICTS environmental variable when
simplified errors are requested, as with PKG_CONFIG_PATH.
- the dependency solver now stores solutions to dependency graph elements
it visits, allowing for the dependency graph to be incrementally solved.
this improves dependency solving time by an order of magnitude in most
cases.
- new --env option allows for exporting cflags/libs fragments as export
variables
- new support for building pkgconf with CMake and Meson
- improved compiler warning flag detection on autoconf and CMake
- removed PKGCONF_BUFSIZE allocations from the stack where possible
- allow for customizing the way fragment lists are rendered using
a callback API
- new support for --msvc-syntax output using the new fragment rendering
callbacks
- fragments are now quoted according to POSIX literal rules
- new variables on the pkg-config builtin:
- ${pc_system_includedirs}: the system includedir search path known
by pkgconf
- ${pc_system_libdirs}: the system libdir search path known by pkgconf
- new manpages:
- pc(5) describing pkgconf's interpretation of pkg-config .pc files
- pkg.m4(7) describing the autotools macros bundled with pkgconf
* Bug fixes:
- fix pkgconf_pkg_t.id generation on native Windows where either \ or /
are usable as path separator.
- add missing --modversion to --help output
- do not evaluate module paths for modules that are not actually on disk
- ensure we work on a zeroed buffer prior to calling realpath(2) with it
- fix path deduplication edge case when cache-inodes feature is unavailable
- fix path rewriting regression with PKG_CONFIG_SYSROOT_DIR when
PKG_CONFIG_SYSROOT_DIR is set to /
- fix crash in edge case where a .pc file has misquoting in a fragment list.
- fix logic edge case when comparing relocated paths
Changes from 1.3.6 to 1.3.7:
----------------------------
* Enhancements:
- improved diagnostics for malformed packages.
* Bug fixes:
- reject packages which contain incomplete metadata in post-parse phase.
Changes from 1.3.5 to 1.3.6:
----------------------------
* Enhancements:
- add many cflags to the protected set: -Wa, -Wl, -Wp, -ansi, -std=, -stdlib=,
-pedantic, -pthread, -trigraphs, -nostdinc, -nostdlibinc, -nobuiltininc.
* Bug fixes:
- handle -include cflag fragments properly.
Changelog:
New
Performance improvements, including:
Rendering graphics for Windows users by using Off-Main-Threa
Painting (OMTP)
Loading pages faster by changing how Firefox caches and retrieves
JavaScript
Improvements to Firefox Screenshots:
Copy and paste screenshots directly to your clipboard
Firefox Screenshots now works in Private Browsing mode
Added Nepali (ne-NP) locale
In case you missed it--57 Release privacy and performance feature:
Users can enable Tracking Protection at all times. Learn how to turn
Tracking Protection on.
Fixed
Fonts installed in non-standard directories will no longer appear
blank for Linux users
Various security fixes
Changed
User profiles created in Firefox 58 (and in future releases) are not
supported in previous versions of Firefox. Users who downgrade to
a previous version should create a new profile for that version.
Learn about alternatives to downgrading on our support site.
Added a warning to alert users and site owners of planned security
changes to sites affected by the gradual distrust plan for
the Symantec certificate authority
#CVE-2018-5091: Use-after-free with DTMF timers
#CVE-2018-5092: Use-after-free in Web Workers
#CVE-2018-5093: Buffer overflow in WebAssembly during Memory/Table resizing
#CVE-2018-5094: Buffer overflow in WebAssembly with garbage collection on
uninitialized memory
#CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
#CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
#CVE-2018-5098: Use-after-free while manipulating form input elements
#CVE-2018-5099: Use-after-free with widget listener
#CVE-2018-5100: Use-after-free when IsPotentiallyScrollable arguments are
freed from memory
#CVE-2018-5101: Use-after-free with floating first-letter style elements
#CVE-2018-5102: Use-after-free in HTML media elements
#CVE-2018-5103: Use-after-free during mouse event handling
#CVE-2018-5104: Use-after-free during font face manipulation
#CVE-2018-5105: WebExtensions can save and execute files on local file
system without user prompts
#CVE-2018-5106: Developer Tools can expose style editor information
cross-origin through service worker
#CVE-2018-5107: Printing process will follow symlinks for local file access
#CVE-2018-5108: Manually entered blob URL can be accessed by subsequent
private browsing tabs
#CVE-2018-5109: Audio capture prompts and starts with incorrect origin
attribution
#CVE-2018-5110: Cursor can be made invisible on OS X
#CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
#CVE-2018-5118: Activity Stream images can attempt to load local content
through file:
#CVE-2018-5119: Reader view will load cross-origin content in violation
of CORS headers
#CVE-2018-5121: OS X Tibetan characters render incompletely in the addressbar
#CVE-2018-5122: Potential integer overflow in DoCrypt
#CVE-2018-5090: Memory safety bugs fixed in Firefox 58
#CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
Changelog:
Fix
This releases fixes the "Mailsploit" vulnerability and other vulnerabilities
detected by the "Cure53" audit. For details and various other security
fixes see here.
CVE-2017-7845: Buffer overflow when drawing and validating elements with
ANGLE library using Direct 3D 9
CVE-2017-7846: JavaScript Execution via RSS in mailbox:// origin
CVE-2017-7847: Local path string can be leaked from RSS feed
CVE-2017-7848: RSS Feed vulnerable to new line Injection
CVE-2017-7829: Mailsploit part 1: From address with encoded null character
is cut off in message header display
Changelog:
CVE-2018-5091: Use-after-free with DTMF timers
CVE-2018-5095: Integer overflow in Skia library during edge builder allocation
CVE-2018-5096: Use-after-free while editing form elements
CVE-2018-5097: Use-after-free when source document is manipulated during XSLT
CVE-2018-5098: Use-after-free while manipulating form input elements
CVE-2018-5099: Use-after-free with widget listener
CVE-2018-5102: Use-after-free in HTML media elements
CVE-2018-5103: Use-after-free during mouse event handling
CVE-2018-5104: Use-after-free during font face manipulation
CVE-2018-5117: URL spoofing with right-to-left text aligned left-to-right
CVE-2018-5089: Memory safety bugs fixed in Firefox 58 and Firefox ESR 52.6
Fix for Speculative execution side-channel attack ("Spectre")
Changelog:
The NSS team has released Network Security Services (NSS) 3.35,
which is a minor release.
Summary of the major changes included in this release:
- The default database storage format has been changed to SQL,
using filenames cert9.db, key4.db, pkcs11.txt.
- TLS 1.3 support has been updated to draft -23, along with
additional significant changes.
- Support for TLS compression was removed.
- Added formally verified implementations of non-vectorized Chacha20
and non-vectorized Poly1305 64-bit.
- When creating encrypted PKCS#7 or PKCS#12 data, NSS uses a
higher iteration count for stronger security.
- The CA trust list was updated to version 2.22.
Changelog:
NSPR 4.18 contains the following changes:
- removed HP-UX DCE threads support
- improvements for the Windows implementation of PR_SetCurrentThreadName
- fixes for the Windows implementation of TCP Fast Open
0.8:
* **BACKWARD INCOMPATIBLE** binary_prefix option is added and off
by default because of compatibility with mysqlclient.
When you need PyMySQL 0.7 behavior, you have to pass binary_prefix=True.
* **BACKWARD INCOMPATIBLE** MULTI_STATEMENTS client flag is no longer
set by default, while it was on PyMySQL 0.7. You need to pass
client_flag=CLIENT.MULTI_STATEMENTS when you connect to explicitly
enable multi-statement mode.
* Fixed AuthSwitch packet handling.
* Raise OperationalError for MariaDB's constraint error.
* executemany() accepts query without space between VALUES and (.
* Support config file containing option without value.
* Fixed Connection.ping() returned unintended value.
Contao 4.5.3 is available 2018/1/23 16:06 by Leo Feyer
Contao version 4.5.3 is available. The bugfix release fixes several minor
issues including a problem with accessing the PHP session.
Contao 4.4.13 is available 2018/1/23 10:59 by Leo Feyer
Contao version 4.4.13 is available. The bugfix release fixes issues with PHP
7.2 as well as with MariaDB 10.2.4+ and MySQL 8.
Release 3.22.0:
The output of sqlite3_trace_v2() now shows each individual SQL statement run within a trigger.
Add the ability to read from WAL mode databases even if the application lacks write permission on the database and its containing directory, as long as the -shm and -wal files exist in that directory.
Added the rtreecheck() scalar SQL function to the R-Tree extension.
Added the sqlite3_vtab_nochange() and sqlite3_value_nochange() interfaces to help virtual table implementations optimize UPDATE operations.
Added the sqlite3_vtab_collation() interface.
Added support for the "^" initial token syntax in FTS5.
New extensions:
The Zipfile virtual table can read and write a ZIP Archive.
Added the fsdir(PATH) table-valued function to the fileio.c extension, for listing the files in a directory.
The sqlite_btreeinfo eponymous virtual table for introspecting and estimating the sizes of the btrees in a database.
The Append VFS is a VFS shim that allows an SQLite database to be appended to some other file. This allows (for example) a database to be appended to an executable that then opens and reads the database.
Query planner enhancements:
The optimization that uses an index to quickly compute an aggregate min() or max() is extended to work with indexes on expressions.
The decision of whether to implement a FROM-clause subquery as a co-routine or using query flattening now considers whether the result set of the outer query is "complex" (if it contains functions or expression subqueries). A complex result set biases the decision toward the use of co-routines.
The planner avoids query plans that use indexes with unknown collating functions.
The planner omits unused LEFT JOINs even if they are not the right-most joins of a query.
Other performance optimizations:
A smaller and faster implementation of text to floating-point conversion subroutine: sqlite3AtoF().
The Lemon parser generator creates a faster parser.
Use the strcspn() C-library routine to speed up the LIKE and GLOB operators.
Improvements to the command-line shell:
The ".schema" command shows the structure of virtual tables.
Added support for reading and writing SQL Archive files using the .archive command.
Added the experimental .expert command
Added the ".eqp trigger" variant of the ".eqp" command
Enhance the ".lint fkey-indexes" command so that it works with WITHOUT ROWID tables.
If the filename argument to the shell is a ZIP archive rather than an SQLite database, then the shell automatically opens that ZIP archive using the Zipfile virtual table.
Added the edit() SQL function.
Added the .excel command to simplify exporting database content to a spreadsheet.
Databases are opened using Append VFS when the --append flag is used on the command line or with the .open command.
Enhance the SQLITE_ENABLE_UPDATE_DELETE_LIMIT compile-time option so that it works for WITHOUT ROWID tables.
Provide the sqlite_offset(X) SQL function that returns the byte offset into the database file to the beginning of the record holding value X, when compiling with -DSQLITE_ENABLE_OFFSET_SQL_FUNC.
Bug fixes
