Commit graph

332781 commits

Author SHA1 Message Date
taca
e0524c14dc security/ruby-rex-core: update to 0.1.15
0.1.15 (2021-02-04)

* Synchronize access to streams.
  (Fixes rapid7/metasploit-framework#14668)

0.1.14 (2018-02-22)

* Add Android (specifically termux) platform support
2021-02-05 15:04:49 +00:00
gdt
78e322471c net/openvpn: Drop MESSAGE
This says nothing other than that the package behaves the way it
should and that the user should read the documentation.

(The hint about upgrading is from at least 7 years ago, so that should
be deleted anyway.)
2021-02-05 15:03:28 +00:00
taca
4a6e0283dd doc: Updated security/ruby-rex-arch to 0.1.14 2021-02-05 15:01:10 +00:00
taca
b5b73d17d0 security/ruby-rex-arch: update to 0.1.14
0.1.14 (2020-11-30)

* add remaining PPCE500V2 choices
2021-02-05 15:00:47 +00:00
taca
a39e20df7d doc: Updated net/ruby-recog to 2.3.19 2021-02-05 14:58:57 +00:00
taca
03c4ea5c51 net/ruby-recog: update to 2.3.19
2.3.19 (2021.02.04)

Highlights:

* JARM: New JARM database thanks to Julien Voisin @jvoisin (#331)
* Many contributions from Rumble Discovery (@hdm) thanks to Julien Voisin
  @jvoisin for the backport (#334)
* Testing: New testing via Github actions thanks to Gavin Schneider
  @gschneider-r7 (#328)
* SIP: Improved coverage for Server and User Agent (#339)
* CPE: Various improvements (#330)
* SMB: Focused improvements and added product coverage (#307)
* Misc fingerprint improvements (Thanks @jvoisin and @scopedsecurity)
  (#308, #327, #331)
2021-02-05 14:58:26 +00:00
taca
8cb6f957e4 doc: Updated devel/ruby-pkg-config to 1.4.5 2021-02-05 14:56:20 +00:00
taca
2713417221 devel/ruby-pkg-config: update to 1.4.5
== 1.4.5 - 2021-02-04

=== Improvements

  * Added support for macOS 11.2.
    [Reported by Ludovic Moutury][GitHub:rcairo/rcairo#69]

=== Thanks

  * Ludovic Moutury
2021-02-05 14:56:01 +00:00
taca
f03174b079 doc: Updated lang/php73 to 7.3.27 2021-02-05 14:47:24 +00:00
taca
918d630fe9 lang/php73: update to 7.3.27
04 Feb 2021, PHP 7.3.27

- SOAP:
  . Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702) (cmb, Stas)
2021-02-05 14:46:58 +00:00
taca
f614ede0ff doc: Updated lang/php74 to 7.4.15 2021-02-05 14:45:44 +00:00
taca
da9c9405c8 lang/php74: update to 7.4.15
04 Feb 2021, PHP 7.4.15

- Core:
  . Fixed bug #80523 (bogus parse error on >4GB source code). (Nikita)
  . Fixed bug #80384 (filter buffers entire read until file closed). (Adam
    Seitz, cmb)

- Curl:
  . Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request). (cmb)

- Date:
  . Fixed bug #80376 (last day of the month causes runaway cpu usage). (Derick)

- MySQLi:
  . Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to
    interpret bit columns). (Nikita)
  . Fixed bug #64638 (Fetching resultsets from stored procedure with cursor
    fails). (Nikita)
  . Fixed bug #72862 (segfault using prepared statements on stored procedures
    that use a cursor). (Nikita)
  . Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP
    with a cursor). (Nikita)

- Phar:
  . Fixed bug #77565 (Incorrect locator detection in ZIP-based phars). (cmb)
  . Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files).
    (cmb)

- SOAP:
  . Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702) (cmb,
    Stas)
2021-02-05 14:45:19 +00:00
schmonz
da313a399e doc: Added math/p5-Statistics-Basic version 1.6611 2021-02-05 14:44:29 +00:00
schmonz
6f57379122 Add and enable p5-Statistics-Basic. 2021-02-05 14:44:10 +00:00
schmonz
4cd17b58ed Initial import of p5-Statistics-Basic, a collection of basic statistics
modules for Perl.
2021-02-05 14:43:32 +00:00
mef
cf9eb8e7c7 Added www/R-webshot version 0.5.2 2021-02-05 14:41:45 +00:00
mef
667a5886b1 (www/R-webshot) import R-webshot-0.5.2
Takes screenshots of web pages, including Shiny applications and R
Markdown documents.
2021-02-05 14:39:08 +00:00
nia
4deec6ddc4 doc: Updated lang/janet to 1.14.2 2021-02-05 13:40:29 +00:00
nia
8cfd8e034f janet: Update to 1.14.2
## 1.14.2 - 2021-01-23
- Allow `JANET_PROFILE` env variable to load a profile before loading the repl.
- Update `tracev` macro to allow `def` and `var` inside to work as expected.
- Use `(dyn :peg-grammar)` for passing a default grammar to `peg/compile` instead of loading
  `default-peg-grammar` directly from the root environment.
- Add `ev/thread` for combining threading with the event loop.
- Add `ev/do-thread` to make `ev/thread` easier to use.
- Automatically set supervisor channel in `net/accept-loop` and `net/server` correctly.
2021-02-05 13:40:07 +00:00
nia
507c492868 doc: Updated audio/lv2 to 1.18.2 2021-02-05 13:34:53 +00:00
nia
244f194df0 lv2: Update to 1.18.2
lv2 (1.18.2) stable;

  * Various code cleanups and infrastructure improvements.
  * eg-sampler: Save and restore gain parameter value.
  * state: Fix state:StateChanged URI in metadata and documentation.
2021-02-05 13:34:33 +00:00
nia
ec0572cf75 Actually add the patch I intended to, thx wiz 2021-02-05 13:27:42 +00:00
nia
5a94bfe3e3 doc: Updated chat/weechat to 3.0.1 2021-02-05 13:26:15 +00:00
nia
8cc2628312 weechat: Update to 3.0.1
== Version 3.0.1 (2021-01-31)

Bug fixes::

  * exec: fix search of command by identifier
  * spell: fix refresh of bar item "spell_suggest" when the input becomes empty (issue #1586)
  * spell: fix crash with IRC color codes in command line (issue #1589)
2021-02-05 13:25:57 +00:00
nia
d76ccffc16 priv: Set LICENSE, avoid passing user input to syslog format string
Patch from nixpkgs via Alyssa Ross
2021-02-05 13:18:48 +00:00
maya
05e43bece2 lang/gcc9: return to generated PLIST, we don't have an answer to include-fixed
Remove workaround for RHEL 7. This workaround resulted in gcc/configure
failing to find dlfcn.h. The build doesn't appear to need it.

Fixes install on both Fedora 33 and CentOS 7 (the docker image, at least).
2021-02-05 10:28:40 +00:00
wiz
15ca62e003 doc: Updated net/openvpn to 2.5.0nb1 2021-02-05 09:30:25 +00:00
wiz
eecd372a2f openvpn: add URL to upstream bug report 2021-02-05 09:29:35 +00:00
adam
81dfb45120 Updated databases/mysql56-client, databases/mysql56-server 2021-02-05 09:29:10 +00:00
adam
b6a52b618e mysql56: updated to 5.6.51
Changes in MySQL 5.6.51

Security Notes

The linked OpenSSL library for MySQL Server has been updated to version 1.1.1i. Issues fixed in the new OpenSSL version are described at https://www.openssl.org/news/cl111.txt and https://www.openssl.org/news/vulnerabilities.html.

Bugs Fixed

InnoDB: The full-text search synchronization thread attempted to read a previously-freed word from the index cache.

The server did not handle all cases of the WHERE_CONDITION optimization correctly.

Privileges for some INFORMATION_SCHEMA tables were checked incorrectly.

In certain cases, the server did not handle multiply-nested subqueries correctly.

A buffer overflow in the client library was fixed.
2021-02-05 09:28:07 +00:00
wiz
ae677450a4 openvpn: fix installation of man page.
Bump PKGREVISION.
2021-02-05 09:21:00 +00:00
schmonz
366f2279bd doc: Updated mail/feed2exec to 0.17.1 2021-02-05 09:06:38 +00:00
schmonz
13c4fb93f7 Update to 0.17.1. From the changelog:
* fix unit tests in a clean environment
* move default database path to ~/.local/share (Closes: GL#16)
* default to data directory and add a deprecation warning (Closes: GL#17)
2021-02-05 09:06:28 +00:00
schmonz
af6f1460e7 Relinquish MAINTAINER. 2021-02-05 08:08:59 +00:00
adam
64c4862f68 Updated databases/py-tortoise-orm, www/py-django2, www/py-django3, www/py-django-reversion 2021-02-05 07:57:08 +00:00
adam
d34f8b06ff py-django-reversion: updated to 3.0.9
3.0.9:
- Significant speedup to ``Version.objects.get_deleted(...)`` database query for PostgreSQL.
- Testing against Django 3.1.
- Django 4.0 compatibility improvements.
2021-02-05 07:56:46 +00:00
adam
f6d52ab680 py-django3: updated to 3.1.6
Django 3.1.6 fixes a security issue with severity “low” and a bug in 3.1.5.

CVE-2021-3281: Potential directory-traversal via archive.extract()

The django.utils.archive.extract() function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments.

Bugfixes

Fixed an admin layout issue in Django 3.1 where changelist filter controls would become squashed
2021-02-05 07:55:02 +00:00
adam
6769eece61 py-django2: updated to 2.2.18
Django 2.2.18 fixes a security issue with severity “low” in 2.2.17.

CVE-2021-3281: Potential directory-traversal via archive.extract()

The django.utils.archive.extract() function, used by startapp --template and startproject --template, allowed directory-traversal via an archive with absolute paths or relative paths with dot segments.
2021-02-05 07:52:37 +00:00
adam
6fbf5edfb5 py-tortoise-orm: updated to 0.16.21
0.16.21
- Fixed validating JSON before decoding.
- Add model method `update_or_create`.
- Add `batch_size` parameter for `bulk_create` method.
- Fix save with F expression and field with source_field.
2021-02-05 07:51:22 +00:00
mef
49cbe7682b (www/R-httpuv) Add R-testthat for TEST_DEPENDS, comment on patch 2021-02-05 02:25:48 +00:00
bouyer
6ed035c330 When compiling with -fwhole-program gcc will omit functions which
are not used in the file, even if not declared static.
Add __attribute__((externally_visible)) to memcpy() to force gcc to
include it.
Fixes build on -current (gcc 9)
This is a build fix so no PKGREVISION bump
2021-02-04 23:51:51 +00:00
wiz
e66e3bdf98 doc: Updated devel/py-mercurial to 5.7 2021-02-04 23:15:43 +00:00
wiz
983ed04cc1 py-mercurial: update to 5.7
== New Features ==

 * There is a new config section for templates used by hg commands. It
   is called `[command-templates]`. Some existing config options have
   been deprecated in favor of config options in the new
   section. These are: `ui.logtemplate` to `command-templates.log`,
   `ui.graphnodetemplate` to `command-templates.graphnode`,
   `ui.mergemarkertemplate` to `command-templates.mergemarker`,
   `ui.pre-merge-tool-output-template` to
   `command-templates.pre-merge-tool-output`.

 * There is a new set of config options for the template used for the
   one-line commit summary displayed by various commands, such as `hg
   rebase`. The main one is `command-templates.oneline-summary`. That
   can be overridden per command with
   `command-templates.oneline-summary.<command>`, where `<command>`
   can be e.g. `rebase`. As part of this effort, the default format
   from `hg rebase` was reorganized a bit.

 * `hg strip`, from the strip extension, is now a core command, `hg
   debugstrip`. The extension remains for compatibility.

 * `hg diff` and `hg extdiff` now support `--from <rev>` and `--to <rev>`
   arguments as clearer alternatives to `-r <revs>`. `-r <revs>` has been
   deprecated.

 * The memory footprint per changeset during pull/unbundle
   operations has been further reduced.

 * There is a new internal merge tool called `internal:mergediff` (can
   be set as the value for the `merge` config in the `[ui]`
   section). It resolves merges the same way as `internal:merge` and
   `internal:merge3`, but it shows conflicts differently. Instead of
   showing 2 or 3 snapshots of the conflicting pieces of code, it
   shows one snapshot and a diff. This may be useful when at least one
   side of the conflict is similar to the base. The new marker style
   is also supported by "premerge" as
   `merge-tools.<tool>.premerge=keep-mergediff`.

 * External hooks are now called with `HGPLAIN=1` preset.  This has the side
   effect of ignoring aliases, templates, revsetaliases, and a few other config
   options in any `hg` command spawned by the hook.  The previous behavior
   can be restored by setting HGPLAINEXCEPT appropriately in the parent process.
   See `hg help environment` for the list of items, and how to set it.

 * The `branchmap` cache is updated more intelligently and can be
   significantly faster for repositories with many branches and changesets.


== New Experimental Features ==

* `experimental.single-head-per-branch:public-changes-only` can be used to
  restrict the single head check to public revisions. This is useful for
  overlay repositories that have both a publishing and non-publishing view
  of the same storage.

== Backwards Compatibility Changes ==

 * `--force-lock` and `--force-wlock` options on `hg debuglock` command are
   renamed to `--force-free-lock` and `--force-free-wlock` respectively.
2021-02-04 23:15:33 +00:00
gdt
19ffe37e3d ham/xlog: Limit -Wno-stringop-truncation to gcc 4/5. 2021-02-04 21:47:30 +00:00
gdt
4f45f1c3c4 mk/compiler/gcc.mk: Remove stray mid-line \
(Apparently left over from reducing the vast number of gcc versions.)
2021-02-04 21:45:13 +00:00
adam
05f3c9dedc Updated databases/mysql57-client, databases/mysql57-server 2021-02-04 20:26:50 +00:00
adam
db75881a6a mysql57: updated to 5.7.33
Changes in MySQL 5.7.33

Optimizer Notes

MySQL attempts to use an ordered index for any ORDER BY or GROUP BY query that has a LIMIT clause, overriding any other choices made by the optimizer, whenever it determines that this would result in faster execution. Because the algorithm for making this determination makes certain assumptions about data distribution and other conditions, it may not always be completely correct, and it is possible in some cases that choosing a different optimization for such queries can provide better performance. To handle such occurrences, it is now possible to disable this optimization by setting the optimizer_switch system variable's prefer_ordering_index flag to off.

For more information about this flag and examples of its use, see Switchable Optimizations, and LIMIT Query Optimization.

Our thanks to Jeremy Cole for the contribution.

Security Notes

The linked OpenSSL library for MySQL Server has been updated to version 1.1.1i. Issues fixed in the new OpenSSL version are described at https://www.openssl.org/news/cl111.txt and https://www.openssl.org/news/vulnerabilities.html.

Functionality Added or Changed

When invoked with the --all-databases option, mysqldump now dumps the mysql database first, so that when the dump file is reloaded, any accounts named in the DEFINER clause of other objects will already have been created.

Bugs Fixed

InnoDB: The full-text search synchronization thread attempted to read a previously-freed word from the index cache.

InnoDB: Calls to numa_all_nodes_ptr were replaced by the numa_get_mems_allowed() function. Thanks to Daniel Black for the contribution.

Replication: When the system variable transaction_write_set_extraction=XXHASH64 is set, which is the default in MySQL 8.0 and a requirement for Group Replication, the collection of writes for a transaction previously had no upper size limit. Now, for standard source to replica replication, the numeric limit on write sets specified by binlog_transaction_dependency_history_size is applied, after which the write set information is discarded but the transaction continues to execute. Because the write set information is then unavailable for the dependency calculation, the transaction is marked as non-concurrent, and is processed sequentially on the replica. For Group Replication, the process of extracting the writes from a transaction is required for conflict detection and certification on all group members, so the write set information cannot be discarded if the transaction is to complete. The byte limit set by group_replication_transaction_size_limit is applied instead of the numeric limit, and if the limit is exceeded, the transaction fails to execute.

Replication: As the number of replicas replicating from a semisynchronous source server increased, locking contention could result in a performance degradation. The locking mechanisms used by the plugins have been changed to use shared locks where possible, avoid unnecessary lock acquisitions, and limit callbacks. The new behaviors can be implemented by enabling the following system variables:

replication_sender_observe_commit_only=1 limits callbacks.

replication_optimize_for_static_plugin_config=1 adds shared locks and avoids unnecessary lock acquisitions. This system variable must be disabled if you want to uninstall the plugin.

Both system variables can be enabled before or after installing the semisynchronous replication plugin, and can be enabled while replication is running. Semisynchronous replication source servers can also get performance benefits from enabling these system variables, because they use the same locking mechanisms as the replicas.

Replication: On a multi-threaded replica where the commit order is preserved, worker threads must wait for all transactions that occur earlier in the relay log to commit before committing their own transactions. If a deadlock occurs because a thread waiting to commit a transaction later in the commit order has locked rows needed by a transaction earlier in the commit order, a deadlock detection algorithm signals the waiting thread to roll back its transaction. Previously, if transaction retries were not available, the worker thread that rolled back its transaction would exit immediately without signalling other worker threads in the commit order, which could stall replication. A worker thread in this situation now waits for its turn to call the rollback function, which means it signals the other threads correctly.

Replication: GTIDs are only available on a server instance up to the number of non-negative values for a signed 64-bit integer (2 to the power of 63 minus 1). If you set the value of gtid_purged to a number that approaches this limit, subsequent commits can cause the server to run out of GTIDs and take the action specified by binlog_error_action. From MySQL 8.0.23, a warning message is issued when the server instance is approaching the limit.

Microsoft Windows: On Windows, running the MySQL server as a service caused shared-memory connections to fail.

The server did not handle all cases of the WHERE_CONDITION optimization correctly.

For the engines which support primary key extension, when the total key length exceeded MAX_KEY_LENGTH or the number of key parts exceeded MAX_REF_PARTS, key parts of primary keys which did not fit within these limits were not added to the secondary key, but key parts of primary keys were unconditionally marked as part of secondary keys.

This led to a situation in which the secondary key was treated as a covering index, which meant sometimes the wrong access method was chosen.

This is fixed by modifying the way in which key parts of primary keys are added to secondary keys so that those which do not fit within the limits mentioned previously are cleared.

Privileges for some INFORMATION_SCHEMA tables were checked incorrectly.

In certain cases, the server did not handle multiply-nested subqueries correctly.

Certain accounts could cause server startup failure if the skip_name_resolve system variable was enabled.

Client programs could unexpectedly exit if communication packets contained bad data.

A buffer overflow in the client library was fixed.

mysql_config_editor incorrectly treated # in password values as a comment character.
2021-02-04 20:26:10 +00:00
gdt
beb4d104d3 ham/xlog: Re-rototill -Wno-stringop-truncation
Further investigation reveals this is present in recent clang and
recent gcc but not moderately old (but still very relevant) gcc.
2021-02-04 20:15:31 +00:00
gdt
60176e5930 ham/xlog: Rototill approach to non-portable warnings
Mostly, this is adapting the warning flags removed from the build and
those added to clang vs gcc.

Hoist removal of -Wno-stringop-truncation to always happen, because it
was separately on for clang and gcc, and it seems likely it would be
unknown on some other compiler.
2021-02-04 20:02:14 +00:00
gdt
619f3beea4 ham/xlog: Add another warning workaround
(Upstream sources do not compile cleanly under clang.)
2021-02-04 19:21:48 +00:00