Bleach is an HTML sanitizing library that escapes or strips markup
and attributes based on a white list. Bleach can also linkify text
safely, applying filters that Django's ``urlize`` filter cannot,
and optionally setting ``rel`` attributes, even on links already
in the text.
Tiny Tiny RSS is an open source web-based news feed (RSS/Atom)
reader and aggregator, designed to allow you to read news from any
location, while feeling as close to a real desktop application as
possible.
Changes since 4.0:
- Dropped support for Python below 2.5 and PostgreSQL below 8.3.
- Added support for Python up to 2.7 and PostgreSQL up to 9.2.
- Particularly, support PQescapeLiteral() and PQescapeIdentifier().
- The query method of the classic API now supports positional parameters.
This an effective way to pass arbitrary or unknown data without worrying
about SQL injection or syntax errors (contribution by Patrick TJ McPhee).
- The classic API now supports a method namedresult() in addition to
getresult() and dictresult(), which returns the rows of the result
as named tuples if these are supported (Python 2.6 or higher).
- The classic API has got the new methods begin(), commit(), rollback(),
savepoint() and release() for handling transactions.
- Both classic and DBAPI 2 connections can now be used as context
managers for encapsulating transactions.
- The execute() and executemany() methods now return the cursor object,
so you can now write statements like "for row in cursor.execute(...)"
(as suggested by Adam Frederick).
- Binary objects are now automatically escaped and unescaped.
- Bug in money quoting fixed. Amounts of $0.00 handled correctly.
- Proper handling of date and time objects as input.
- Proper handling of floats with 'nan' or 'inf' values as input.
- Fixed the set_decimal() function.
- All DatabaseError instances now have a sqlstate attribute.
- The getnotify() method can now also return payload strings (#15).
- Better support for notice processing with the new methods
set_notice_receiver() and get_notice_receiver()
(as suggested by Michael Filonenko, see #12 and #37).
- Open transactions are rolled back when pgdb connections are closed
(as suggested by Peter Harris, see #46).
- Connections and cursors can now be used with the "with" statement
(as suggested by Peter Harris, see #46).
- New method use_regtypes() that can be called to let getattnames()
return regular type names instead of the simplified classic types (#44).
Changelog:
2013.01.01 v.13.01
+ The French, Catalan and Netherlands translations were updated.
+ Vertical menu/toolbar option for better utilization of wide monitors.
+ Gallery view: image size and date were added to the view.
+ Gallery view: mouse hover on thumbnail shows a popup metadata report.
+ Manage Collections: the UI has been reworked to make it easier to use.
+ Icons for all edit functions were added for use in the Favorites menu.
+ Gallery file selection: multiple images can be selected, inserted and
deleted, making re-arrangement of the sequence faster and easier.
+ Favorites menu: ignore small inadvertent drags from flying mouse
clicks which can cause accidental displacement of the menu entries.
+ Brightness histogram: add "overall" graph to existing R/G/B graphs.
+ Missing popup mini-explanations (tips) for some menus were added.
+ Bugfix: some metadata functions crashed if index file sync disabled.
2012.12.20 v.12.12.2
+ Bugfix: geotag latitude/longitude fractions were being truncated for
locales using a comma decimal point.
qpdfview uses the Poppler library for rendering and CUPS for
printing. It provides a clear and simple graphical user interface
using the Qt framework.
Current features include:
* Outline, properties and thumbnail panes
* Scale, rotate and fit
* Fullscreen and presentation views
* Continuous and multiple-page layouts
* Search for text
* Configurable tool bars
* Persistent per-file settings
* SyncTeX support
* Rudimentary annotation support (with Poppler version 0.20.1 or higher)
* Rudimentary form support
configure tests for memset/memcpy, which are standard and haven't
needed checking in a long time. This makes the configure script
tolerate injection of -Werror.
Fix signed/unsigned mismatches in the sha2 and whirlpool code. This
package now passes -Wall with gcc45.
Bump the package version to 20121220, which is when I made these
changes.
problems with linking and rpaths, such as the NetBSD manifestation of
PR 47187, and probably others; I haven't tried yet but I suspect at
least my manifestation of PR 44985 will be fixed too.
Major changes since 4.2.7:
- Allow comparison of msgsize, rcptcount & spamd, against values from LDAP
- localaddr option so that Postifix user can use spf self
- Allow filtering header and body against LDAP or CURL gathered properties
- Add format string to report last matching LDAP or CURL propery
- Add a addfooter action clause in ACL, to add mail a footer
- Allow per-dacl maxpeek setting, set by maxpeer action clause in racl
- Add LDAP or CURL gathered property substitution in format strings
- Add continue type ACL
- p0f v3 support
- Fix spamd hang if message contains NULL (Enrico Scholz)
- Send the queueid to spamd (Petar Bogdanovic)
- Ratelimit on SMTP sessions and data size
- New tarpit feature (Kouhei Sutou)
- Make SpamAssassin headers Sendmail-like (Petar Bogdanovic)
- Merge autowhite and greylist databases (Rudy Eschauzier)
- Make LDAP querries timeout configurable
- Make MX sync timeout peer-configurable (Attila Bruncsak)
This update is largely based on a patch submitted by Richard Palo
in PR pkg/47369.
and AST-2012-015.
Approved for commit during freeze by: agc
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones,
and 11.1.1.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk!
and AST-2012-015.
Approved for commit during freeze by: agc
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones,
and 11.1.1.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk!
and AST-2012-015.
Approved for commit during freeze by: agc
The Asterisk Development Team has announced security releases for Certified
Asterisk 1.8.11 and Asterisk 1.8, 10, and 11. The available security releases
are released as versions 1.8.11-cert10, 1.8.19.1, 10.11.1, 10.11.1-digiumphones,
and 11.1.1.
The release of these versions resolve the following two issues:
* Stack overflows that occur in some portions of Asterisk that manage a TCP
connection. In SIP, this is exploitable via a remote unauthenticated session;
in XMPP and HTTP connections, this is exploitable via remote authenticated
sessions.
* A denial of service vulnerability through exploitation of the device state
cache. Anonymous calls had the capability to create devices in Asterisk that
would never be disposed of.
These issues and their resolutions are described in the security advisories.
For more information about the details of these vulnerabilities, please read
security advisories AST-2012-014 and AST-2012-015, which were released at the
same time as this announcement.
For a full list of changes in the current releases, please see the ChangeLogs:
http://downloads.asterisk.org/pub/telephony/asterisk/releases/ChangeLog-11.1.1
The security advisories are available at:
* http://downloads.asterisk.org/pub/security/AST-2012-014.pdf
* http://downloads.asterisk.org/pub/security/AST-2012-015.pdf
Thank you for your continued support of Asterisk!
Changelog:
aria2 1.16.1
============
Release Note
------------
This release adds the ability to persist GID across sessions. The GID
will be saved with --save-session. There are several restrictions how
GID is persisted. See the manual for details. For this change, now GID
is 64 bits binary data and represented by 16 characters hex string in
RPC query. The disk cache feature was added, which may reduce disk
activity. The console readout was redesigned. The warning displayed
when --file-allocation=falloc is used on MinGW32 build was removed as
a bug.
Changes
-------
* mingw32: Re-open files with read-only mode enabled on seeding
On Mingw32 build, if aria2 opens file with GENERIC_WRITE access
right, some programs cannot open the file aria2 is seeding. To avoid
this situation, re-open files with read-only enabled when seeding is
about to begin.
* Save gid option with --save-session option
* Added --gid option
This option sets GID manually. aria2 identifies each download by the
ID called GID. The GID must be hex string of 16 characters, thus
[0-9a-zA-Z] are allowed and leading zeros must not be stripped. The
GID all 0 is reserved and must not be used. The GID must be unique,
otherwise error is reported and the download is not added. This
option is useful when restoring the sessions saved using
--save-session option. If this option is not used, new GID is
generated by aria2.
* Use 64 bits random bytes as GID
This change replaces the current 64 bit sequential GID with 64 bits
random bytes GID in an attempt to support persistent
GID. Internally, the GID is stored as uint64_t. For human
representation and RPC interface, GID is represented as 16 bytes hex
string. For console readout, 16 bytes are too long, so it is
abbreviated to first 6 bytes. When querying GID in RPC calls, user
can speicfy the prefix of GID as long as the prefix is shared by
more than 1 GID entries.
* Fixed BitfieldMan::getOffsetCompletedLength overflow on 32-bit systems
* mingw32: Use HANDLE only for MinGW32 build
* Changed console readout, making it more compact
"SIZE:" is removed because it is obvious. SEEDING, SEED, SPD and UP
are now replaced with SEED, SD, DL and UL respectively.
* Compact readout when more than 1 simultaneous downloads are going on
If more than 1 simultaneous downloads are going on, use more compact
format in readout. Currently, at most 5 download stats are
displayed.
util::abbrevSize() is rewritten to support "Gi" unit and provides
more compact abbreviation.
* Console color output
Log level and download result string is now colored.
* Logger: Simplified console output and change level format in log
The date and time are now removed from console output. The log
level is now formatted as "[LEVEL]".
* Start to find faster host before the number of missing segments becomes 1
The old implementation starts to find faster host when the number of
missing segment becomes 1. Because of --min-split-size option,
before the number of missing segment becomes 1, the number of
connection becomes 1 and it can be slow. In this case, we have to
wait until the last segment is reached. The new implementation
starts to find faster host when the remaining length is less than
--min-split-size * 2, to mitigate the problem stated above.
* Removed warning when --file-allocation=falloc is used in MinGW32 build
The warning was just a mistake. SetFilePointerEx + SetEndOfFile
actually allocate disk space.
* Write data in 4K aligned offset in write with disk cache enabled
This greatly reduces disk activity especially on Win + NTFS. Not so
much difference on Linux.
* mingw32: Removed FSCTL_SET_SPARSE set
* Added --disk-cache option
This option enables disk cache. If SIZE is 0, the disk cache is
disabled. This feature caches the downloaded data in memory, which
grows to at most SIZE bytes. The cache storage is created for aria2
instance and shared by all downloads. The one advantage of the disk
cache is reduce the disk seek time because the data is written in
larger unit and it is reordered by the offset of the file. If the
underlying file is heavily fragmented it is not the case.
* Fix build on NetBSD current, repoted by dholland@
Fix NetBSD version conditional and link to libexecinfo
Changelog:
* More features
* 200 over bug fixes
