Version 3.7.3 (released 2022-01-17)
** libgnutls: The allowlisting configuration mode has been added to the system-wide
settings. In this mode, all the algorithms are initially marked as insecure
or disabled, while the applications can re-enable them either through the
[overrides] section of the configuration file or the new API.
** The build infrastructure no longer depends on GNU AutoGen for generating
command-line option handling, template file parsing in certtool, and
documentation generation. This change also removes run-time or
bundled dependency on the libopts library, and requires Python 3.6 or later
to regenerate the distribution tarball.
Note that this brings in known backward incompatibility in command-line
tools, such as long options are now case sensitive, while previously they
were treated in a case insensitive manner: for example --RSA is no longer a
valid option of certtool. The existing scripts using GnuTLS tools may need
adjustment for this change.
** libgnutls: The tpm2-tss-engine compatible private blobs can be loaded and
used as a gnutls_privkey_t. The code was originally written for the
OpenConnect VPN project by David Woodhouse. To generate such blobs, use the
tpm2tss-genkey tool from tpm2-tss-engine:
https://github.com/tpm2-software/tpm2-tss-engine/#rsa-operations
or the tpm2_encodeobject tool from unreleased tpm2-tools.
** libgnutls: The library now transparently enables Linux KTLS
(kernel TLS) when the feature is compiled in with --enable-ktls configuration
option. If the KTLS initialization fails it automatically falls back
to the user space implementation.
** certtool: The certtool command can now read the Certificate Transparency
(RFC 6962) SCT extension. New API functions are also provided to
access and manipulate the extension values.
** certtool: The certtool command can now generate, manipulate, and evaluate
x25519 and x448 public keys, private keys, and certificates.
** libgnutls: Disabling a hashing algorithm through "insecure-hash"
configuration directive now also disables TLS ciphersuites that use it as a
PRF algorithm.
** libgnutls: PKCS#12 files are now created with modern algorithms by default.
Previously certtool used PKCS12-3DES-SHA1 for key derivation and
HMAC-SHA1 as an integity measure in PKCS#12. Now it uses AES-128-CBC with
PBKDF2 and SHA-256 for both key derivation and MAC algorithms, and the
default PBKDF2 iteration count has been increased to 600000.
** libgnutls: PKCS#12 keys derived using GOST algorithm now uses
HMAC_GOSTR3411_2012_512 instead of HMAC_GOSTR3411_2012_256 for integrity, to
conform with the latest TC-26 requirements.
** libgnutls: The library now provides a means to report the status of approved
cryptographic operations. To adhere to the FIPS140-3 IG 2.4.C., this
complements the existing mechanism to prohibit the use of unapproved
algorithms by making the library unusable state.
** gnutls-cli: The gnutls-cli command now provides a --list-config option to
print the library configuration.
** libgnutls: Fixed possible race condition in
gnutls_x509_trust_list_verify_crt2 when a single trust list object is shared
among multiple threads. [GNUTLS-SA-2022-01-17, CVSS: low]
** API and ABI modifications:
GNUTLS_PRIVKEY_FLAG_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_privkey_flags_t
GNUTLS_VERIFY_RSA_PSS_FIXED_SALT_LENGTH: new flag in gnutls_certificate_verify_flags
gnutls_ecc_curve_set_enabled: Added.
gnutls_sign_set_secure: Added.
gnutls_sign_set_secure_for_certs: Added.
gnutls_digest_set_secure: Added.
gnutls_protocol_set_enabled: Added.
gnutls_fips140_context_init: New function
gnutls_fips140_context_deinit: New function
gnutls_fips140_push_context: New function
gnutls_fips140_pop_context: New function
gnutls_fips140_get_operation_state: New function
gnutls_fips140_operation_state_t: New enum
gnutls_transport_is_ktls_enabled: New function
gnutls_get_library_configuration: New function
Changes in 3.28
* Web PVR: Fixed wrapping of long lines in programme info page
* Fixed bug that caused some episodes to be skipped when using
--pid-recursive with certain CBeebies/CBBC programmes
* Added support for "cloudfront" CDN. You can now use
--exclude-supplier="cloudfront" if necessary.
* The modes and modesizes programme info fields are now shown in an
abbreviated form. Individual streams are no longer listed, only
available quality levels.
* The "vbidi" CDN is now excluded by default. It is inaccessible to
get_iplayer and generates useless warnings derived from 403 responses
to requests for HLS master playlists.
Schism Tracker 20211116
Summary of changes since 20211115 release:
* Fix macOS dylib path in build artifacts
* Reset filter when previewing different instrments
* Fix ST3 GUS/SB detection on big-endian platforms
Schism Tracker 20211115
Summary of changes since 20210525 release:
* Add warning for lost patterns when saving MOD files
* Fix S3M tracker identification bug
* Add support for reading OPL instruments from MPTM files
* Allow loading ModPlug volume column panning in S3M files
* Reset mixing volume to 48 for S3Ms made with GUS
* Strip zero-param commands that only have memory in IT from MOD/XM
files when loading
* Fix depth of instrument pitch-pan separation
* Fix incorrect position calculation after reaching end of ping-pong
loops
* Add rudimentary detection for SoundTracker MODs in file browser
* Apply pitch/pan separation as part of instrument panning
Prior to this change PKGSRC_MKPIE was silently ignored when clang was chosen for
the compiler, i.e. executables were never built as PIE. This became an error
after introducing a post-build check for it.
Of course we should add a MKPIE support for clang, but for now we just emit a
warning. Otherwise we cannot build packages such as devel/gnustep-base which
requires clang to build.
Maintenance:
-Fix release build name and win32 feature (#691)
-seek spits out correct error when used with no args (#695)
-Migrate to cursive 0.17
-Remove notifications' dependency on cover (#706)
-Fix errors showing up even though the command was successful (#710) (#711)
-Fix lists that were shown as empty even though they contained items
RabbitMQ 3.9.13
Core Server
Bug Fixes
Disk space monitor now correctly parses output on (at least some) systems where non-ASCII characters are used in paths.
Stream leader election is now deterministic when cluster is undergoing a rolling upgrade.
Enhancements
Queue and binding definition import can be delayed until a moment
when at least N nodes (e.g. three) have joined the cluster. This way imported quorum queues will have a desired
number of replicas from the start.
v6.4.2
======
* fix 671 : NoReturn is not avaliable in painfully dead python 3.6
v6.4.1
=======
* fix regression 669: restore get_version signature
* fix 668: harden the selftest for distribution extras
6.4.0
======
* compatibility adjustments for setuptools >58
* only put minimal setuptools version into toml extra to warn people with old strict pins
* coorectly handle hg-git self-use
* better mercurial detection
* modernize packaging setup
* python 3.10 support
* better handling of setuptools install command deprecation
* consider ``pyproject.tomls`` when running as command
* use list in git describe command to avoid shell expansions while supporting both windows and posix
* add ``--strip-dev`` flag to ``python -m setuptools_scm`` to print the next guessed version cleanly
* ensure no-guess-dev will fail on bad tags instead of generating invalid versions
* ensure we use utc everywhere to avoid confusion
This release includes various under-the-hood tweaks to the codebase,
essentially ridding citron of boilerplate code, and exploring a
different approach to how icon logic should be handled internally.
It also fixes a bug that would result in battery percentage not showing
up in cases where your battery's state is unknown.
What's New:
-You can now learn about some of the upcoming changes in Nushell by reading the
tutor e-q page. It will tell you about some of the new features and breaking
changes, as well as link you to the full list of changes.
Fixes:
-Fix to the sample configuration file
-Fix to a crate description
-Bump to some dependencies in wasm support
-Update to sysinfo support
-Fix to build on latest Rust stable + clippy
Django 3.2.11 fixes one security issue with severity “medium” and two security issues with severity “low” in 3.2.10.
- CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator
- CVE-2021-45116: Potential information disclosure in dictsort template filter
- CVE-2021-45452: Potential directory-traversal via Storage.save()
Django 2.2.26 fixes one security issue with severity “medium” and two security issues with severity “low” in 2.2.25.
- CVE-2021-45115: Denial-of-service possibility in UserAttributeSimilarityValidator
- CVE-2021-45116: Potential information disclosure in dictsort template filter
- CVE-2021-45452: Potential directory-traversal via Storage.save()
1.3.0 (2022-01-18)
==================
Bugfixes
--------
- Do not install C sources with binary distributions.
Deprecations and Removals
-------------------------
- Dropped Python 3.6 support
0.14.5
- SOCKS proxy support.
- Add proxy_auth argument to HTTPProxy
- Improve error message on 'RemoteProtocolError' exception when server disconnects without sending a response
0.17.0 (released 2021-01-18)
Backwards Compatibility Notes
ZstdCompressionWriter and ZstdDecompressionWriter now implement __iter__() and __next__(). The methods always raise io.UnsupportedOperation. The added methods are part of the io.IOBase abstract base class / interface and help ensure instances look like other I/O types.
The HASHLOG3_MAX constant has been removed since it is no longer defined in zstd 1.5.1.
Bug Fixes
The ZstdCompressionReader, ZstdCompressionWriter, ZstdDecompressionReader, and ZstdDecompressionWriter types in the C backend now tracks their closed attribute using the proper C type. Before, due to a mismatch between the C struct type and the type declared to Python, Python could read the wrong bits on platforms like s390x and incorrectly report the value of the closed attribute to Python.
Changes
Bundled zstd library upgraded from 1.5.0 to 1.5.1.
The C backend now exposes the symbols ZstdCompressionReader, ZstdCompressionWriter, ZstdDecompressionReader, and ZstdDecompressionWriter. This should match the behavior of the CFFI backend.
ZstdCompressionWriter and ZstdDecompressionWriter now implement __iter__ and __next__, which always raise io.UnsupportedOperation.
Documentation on thread safety has been updated to note that derived objects like ZstdCompressionWriter have the same thread unsafety as the contexts they were derived from.
v1.5.1 (Dec, 2021)
perf: rebalanced compression levels, to better match the intended speed/level curve, by @senhuang42
perf: faster huffman decoder, using x64 assembly, by @terrelln
perf: slightly faster high speed modes (strategies fast & dfast), by @felixhandte
perf: improved binary size and faster compilation times, by @terrelln
perf: new row64 mode, used notably in level 12, by @senhuang42
perf: faster mid-level compression speed in presence of highly repetitive patterns, by @senhuang42
perf: minor compression ratio improvements for small data at high levels, by @cyan4973
perf: reduced stack usage (mostly useful for Linux Kernel), by @terrelln
perf: faster compression speed on incompressible data, by @bindhvo
perf: on-demand reduced ZSTD_DCtx state size, using build macro ZSTD_DECODER_INTERNAL_BUFFER, at a small cost of performance, by @bindhvo
build: allows hiding static symbols in the dynamic library, using build macro, by @skitt
build: support for m68k (Motorola 68000's), by @cyan4973
build: improved AIX support, by @Helflym
build: improved meson unofficial build, by @eli-schwartz
cli : custom memory limit when training dictionary
cli : report advanced parameters information when compressing in very verbose mode (``-vv`)
knows about but are disabled by default, and are required to build
this package.
No PKGREVISION bump - if these build dependencies weren't there by chance
then avr-libc fails to build, so no effect on existing installations.
