* Do not define USE_LANGUAGES+=gnu++17. Passing -std=gnu++17 to all clang
invocations causes build failure.
Changelog:
Fixed
Fixed crashes on Windows systems running third-party security software such as 0patch or G DATA (bug 1610790)
Fixed loss of browser functionality in certain circumstances such as running in Windows compatibility mode or having custom anti-exploit settings (bug 1614885)
Resolved problems connecting to the RBC Royal Bank website (bug 1613943)
Fixed Firefox unexpectedly exiting when leaving Print Preview mode (bug 1611133)
Fixed crashes when playing encrypted content on some Linux systems (bug 1614535)
Release 2.4.2:
Bugs fixed
* autodoc: ``autodoc.typehints`` crashed when variable has unbound object
as a value
* autodoc: separator for keyword only arguments is not shown
* autodoc: IndexError is raised on suppressed type_comment found
* autodoc: typehints extension does not support parallel build
* autodoc: TypeError is raised on fetching type annotations
* crashed when extension assigns a value to ``env.indexentries``
* text: Remove debug print
* viewcode: Avoid to crash when non-python code given
2.23.0:
**Improvements**
- Remove defunct reference to `prefetch` in Session `__attrs__`
**Bugfixes**
- Requests no longer outputs password in basic auth usage warning.
**Dependencies**
- Pinning for `chardet` and `idna` now uses major version instead of minor.
This hopefully reduces the need for releases everytime a dependency is updated.
v1.1.1:
* Change of *skip* validation mode with errors filtering in decode() or encode()
* Extension of location hints by argument to imported/included schemas
* Fixed lazy validation with identity constraints
* Fixed many W3C instance tests (remain ~100 over 15344 tests)
pkgsrc changes:
* update DESCR and MESSAGE to reflect twitter plugin removal etc.
* sort DEPENDS by package (i.e. gem) names without categories for
maintainability
* adjust EXTRACT_DIR per upstream tarball changes
(probably this will soon be changed again on upstream)
* set DISABLE_BUNDLER_SETUP=1 to disable bundler's auto download on startup
Upstream changes:
mikutter 4.0.4
* crash on adding Mastdon accounts
* thanks Ahiru Iegamo
* error on Mastodon User Profile tab
* thanks Ahiru Iegamo
* delayer 1.0.2
mikutter 4.0.3
* support Ruby 2.7 changes
* clear image loading window by bg color after loading images and
before drawing Pixbuf
* thanks Shibafu Midorino
mikutter 4.0.2
* support thumbnails of YouTube and Niconico-video
* thanks Shibafu Midorino
* appimage: fix crash/freeze
* thanks Yuto Tokunaga
* adjust selected region including custom emoji cases on strings copy
* thanks Shibafu Midorino
* remove irb from Gemfile
mikutter 4.0.1
* happy new year
* fix appimage
* thanks hinaloe k
* remove unnecessary code executed per MiraclePainter updates
* thanks Shibafu Midorino
mikutter 4.0
Major version up after five and half years after prevous update,
for 10 years aniversary of mikutter, with some incompatible changes.
* make Twitter plugins third party plugins
* Twitter plugins are no longer included
* users can still use Twitter on mikutter by installing Twitter plugins
https://github.com/mikutter/twitter_bootstrap
* remove Service module
* Abstraction by Service was not sufficient and it has been replaced
by World plugin
* deprecate boot events
* initialization should be implemented in plugin context or
Delayer.new {...} should be used if it need to be executed after
load is conplete
* remove miquire
* miquire was introduce to avoid (no-longer-recallable) problems
on ruby 1.8 and to switch loaded files by command line options,
but both of them no longer exist
* use own implementation to handle event loop
* mikutter used Gtk mailloop and Delayer queue but it caused FiberError
exceptions and the FiberError was hard to fix per specification
* make it possible to change, preserve and restore order of general
Model viewer tabs
* orders of tabs in Mastdon user prifile tabs are recoreded and
preserved on the next open even on other similar tabs
* support Ruby 2.5 and later (drop support for 2.4)
* ruby 2.4 will be EOLed on end of March 2020
https://www.ruby-lang.org/ja/news/2019/10/02/ruby-2-4-9-released/
* drop bundling gems in release tar ball
* nowadays bundler is common enough and plugins with Gemfile made
things more complicated
* all other things forgotten to be written
* all things I missed
Adam Jackson (1):
Suppress high-keycode warnings at the default warning level
Alan Coopersmith (1):
Update configure.ac bug URL for gitlab migration
Andreas Boll (2):
pkgconfig: Remove unneeded Requires.private
configure: Remove unused AC_SUBST([REQUIRED_MODULES])
Andreas Wettstein (1):
xkbcomp Fix missing support for "affect" and incorrect modifier handling for ISOLock
Dimitry Andric (1):
Don't compare with string literals
Matt Turner (1):
xkbcomp 1.4.3
Miroslav Koškár (1):
Fix invalid error report on F_Accel field
Peter Hutterer (1):
Error out if we have no default path
Pkgsrc changes:
* Adjust line numbers in patch.
Upstream changes:
The 1.10.0 release has RPZ support and serve stale functionality
according to draft draft-ietf-dnsop-serve-stale-10. And a number of
other, smaller, features, and bug fixes.
The DNS Response Policy Zones (RPZ) functionality makes it possible
to express DNS response policies in a DNS zone. These zones can
be loaded from file or transferred over DNS zone transfers or
HTTP. The RPZ functionality in Unbound is implemented as specified in
draft-vixie-dnsop-dns-rpz-00. Only the QNAME and Response IP Address
triggers are supported. The supported RPZ actions are: NXDOMAIN, NODATA,
PASSTHRU, DROP and Local Data.
Enabling the respip module using `module-config` is required to use
RPZ. Each RPZ zone can be configured using the `rpz` clause. RPZ clauses
are applied in order of configuration. Unbound can get the data from
zone transfer, a zonefile or https url, and more options are documented
in the man page. A minimal RPZ configuration that will transfer the
RPZ zone using AXFR and IXFR can look like:
server:
module-config: "respip validator iterator"
rpz:
name: "rpz.example.com" # name of the policy zone
master: 192.0.2.0 # address of the name server to transfer from
The serve-stale functionality as described in
draft-ietf-dnsop-serve-stale-10 is now supported in unbound.
This allows unbound to first try and resolve a domain name before
replying with expired data from cache. This differs from unbound's
initial serve-expired behavior which attempts to reply with expired
entries from cache without waiting for the actual resolution to finish.
Both behaviors are available and can be configured with the various
serve-expired-* configuration options. serve-expired-client-timeout is
the option that enables one or the other.
The DSA algorithms have been disabled by default, this is because of
RFC 8624.
There is a crash fix in the parse of text of type WKS, reported by
X41 D-Sec.
In addition, neg and key caches can be shared with multiple
libunbound contexts, a change that assists unwind. The
contrib/unbound_portable.service provides a systemd start file for a
portable setup. The configure --with-libbsd option allows the use
of the bsd compatibility library so that it can use the arc4random
from it. The stats in contrib/unbound_munin_ have num.query.tls and
num.query.tls.resume added to them. For unbound-control the command
view_local_datas_remove is added that removes data from a view.
Features:
- Merge RPZ support into master. Only QNAME and Response IP triggers are
supported.
- Added serve-stale functionality as described in
draft-ietf-dnsop-serve-stale-10. `serve-expired-*` options can be used
to configure the behavior.
- Updated cachedb to honor `serve-expired-ttl`; Fixes#107.
- Renamed statistic `num.zero_ttl` to `num.expired` as expired replies
come with a configurable TTL value (`serve-expired-reply-ttl`).
- Merge #135 from Florian Obser: Use passed in neg and key cache
if non-NULL.
- Fix#153: Disable validation for DSA algorithms. RFC 8624 compliance.
- Merge PR#151: Fixes for systemd units, by Maryse47, Edmonds
and Frzk. Updates the unbound.service systemd file and adds a portable
systemd service file.
- Merge PR#154; Allow use of libbsd functions with configure option
--with-libbsd. By Robert Edmonds and Steven Chamberlain.
- Merge PR#148; Add some TLS stats to unbound_munin_. By Fredrik Pettai.
- Merge PR#156 from Alexander Berkes; Added unbound-control
view_local_datas_remove command.
Bug Fixes:
- Fix typo to let serve-expired-ttl work with ub_ctx_set_option(), by
Florian Obser
- Update mailing list URL.
- Fix#140: Document slave not downloading new zonefile upon update.
- Downgrade compat/getentropy_solaris.c to version 1.4 from OpenBSD.
The dl_iterate_phdr() function introduced in newer versions raises
compilation errors on solaris 10.
- Changes to compat/getentropy_solaris.c for,
ifdef stdint.h inclusion for older systems. ifdef sha2.h inclusion
for older systems.
- Fix 'make test' to work for --disable-sha1 configure option.
- Fix out-of-bounds null-byte write in sldns_bget_token_par while
parsing type WKS, reported by Luis Merino from X41 D-Sec.
- Updated sldns_bget_token_par fix for also space for the zero
delimiter after the character. And update for more spare space.
- Fix#138: stop binding pidfile inside chroot dir in systemd service
file.
- Fix the relationship between serve-expired and prefetch options,
patch from Saksham Manchanda from Secure64.
- Fix unreachable code in ssl set options code.
- Removed the dnscrypt_queries and dnscrypt_queries_chacha tests,
because dnscrypt-proxy (2.0.36) does not support the test setup
any more, and also the config file format does not seem to have the
appropriate keys to recreate that setup.
- Fix crash after reload where a stats lookup could reference old key
cache and neg cache structures.
- Fix for memory leak when edns subnet config options are read when
compiled without edns subnet support.
- Fix auth zone support for NSEC3 records without salt.
- Merge PR#150 from Frzk: Systemd unit without chroot. It add
contrib/unbound_nochroot.service.in, a systemd file for use with
chroot: "", see comments in the file, it uses systemd protections
instead. It was superceded by #151, the unbound_portable.service
file.
- Merge PR#155 from Robert Edmonds: contrib/libunbound.pc.in: Fixes
to Libs/Requires for crypto library dependencies.
- iana portlist updated.
- Fix to silence the tls handshake errors for broken pipe and reset
by peer, unless verbosity is set to 2 or higher.
- Merge PR#147; change rfc reference for reserved top level dns names.
- Fix#157: undefined reference to `htobe64'.
- Fix subnet tests for disabled DSA algorithm by default.
- Update contrib/fastrpz.patch for clean diff with current code.
- updated .gitignore for added contrib file.
- Add build rule for ipset to Makefile
- Add getentropy_freebsd.o to Makefile dependencies.
- Fix memory leak in error condition remote.c
- Fix double free in error condition view.c
- Fix memory leak in do_auth_zone_transfer on success
- Stop working on socket when socket() call returns an error.
- Check malloc return values in TLS session ticket code
- Fix fclose on error in TLS session ticket code.
- Add assertion to please static analyzer
- Fixed stats when replying with cached, cname-aliased records.
- Added missing default values for redis cachedb backend.
- Fix num_reply_addr counting in mesh and tcp drop due to size
after serve_stale commit.
- Fix to create and destroy rpz_lock in auth_zones structure.
- Fix to lock zone before adding rpz qname trigger.
- Fix to lock and release once in mesh_serve_expired_lookup.
- Fix to put braces around empty if body when threading is disabled.
- Fix num_reply_states and num_detached_states counting with
serve_expired_callback.
- Cleaner code in mesh_serve_expired_lookup.
- Document in unbound.conf manpage that configuration clauses can be
repeated in the configuration file.
- Document 'ub_result.was_ratelimited' in libunbound.
- Fix use after free on log-identity after a reload; Fixes#163.
- Fix with libnettle make test with dsa disabled.
- Fix contrib/fastrpz.patch to apply cleanly. Fix for serve-stale
fixes, but it does not compile, conflicts with new rpz code.
- Fix to clean memory leak of respip_addr.lock when ip_tree deleted.
- Fix compile warning when threads disabled.
## Version 1.14.11
### Language and i18n
* Updated translations: Czech, German.
### Packaging
* Fixed data/dist information not being found on many platforms other than Windows (only
with the installer-created shortcut), as well as only the very first word being read instead
of the whole line.
* Added support for systemctl reload.
### Miscellaneous and bug fixes
* Silenced spurious warning about conflicting l10n-track files (issue #4716).
## 1.0.17
* Fixed arrow tip scaling: now scales with thickness instead of length (#967,
thanks to @redweasel)
* Changed coordinate draw direction (thanks to @redweasel)
* Fixed audio playback failures not showing error messages to the user (#1573)
* Fixed text tool bold shortcut not working when capslock is enabled (#1583,
thanks to @matepak)
* Fixed sidebar preview context menu "Move Page Up" and "Move Page Down" buttons
not being disabled on the first and last page, respectively (#1637)
* Fixed Enter keypress on the "Goto Page" (Ctrl-G) dialog not changing the page
(#975, thanks to @MrMallIronmaker)
* Fixed missing Xournal++ icon errors on most of the dialog windows (#1667)
* (Windows) Fixed missing libssl/libcrypto errors in the official installation
(#1660).
## 1.0.16
* Fixed currently editing textboxes not exporting to PDF.
* Fixed line tool breaking when snap-to-grid is disabled.
Update bind911 to 9.11.16 (BIND 9.11.16).
--- 9.11.16 released ---
5353. [doc] Document port and dscp parameters in forwarders
configuration option. [GL #914]
5352. [bug] Correctly handle catalog zone entries containing
characters that aren't legal in filenames. [GL #1592]
5351. [bug] CDS / CDNSKEY consistency checks failed to handle
removal records. [GL #1554]
5350. [bug] When a view was configured with class CHAOS,
dns_view_findzonecut() could incorrectly return
success for non-existent records. [GL #1540]
5348. [bug] dnssec-settime -Psync was not being honoured.
[GL !2925]
Update bind914 to 9.14.11 (BIND 9.14.11).
--- 9.14.11 released ---
5353. [doc] Document port and dscp parameters in forwarders
configuration option. [GL #914]
5352. [bug] Correctly handle catalog zone entries containing
characters that aren't legal in filenames. [GL #1592]
5351. [bug] CDS / CDNSKEY consistency checks failed to handle
removal records. [GL #1554]
5350. [bug] When a view was configured with class CHAOS, the
server could crash while processing a query for a
non-existent record. [GL #1540]
5348. [bug] dnssec-settime -Psync was not being honoured.
[GL !2925]
SuperTux 0.6.1.1 (2019-12-19)
---------------------------
This small bugfix release fixes an issue that caused right-to-left fonts, such as Arabic, to not be displayed properly in the AppImage builds on Linux. Apart from that, it's identical to 0.6.1.
SuperTux 0.6.1 (2019-12-15)
---------------------------
The SuperTux Team is excited to announce the availability of SuperTux 0.6.1. This is first and foremost a bugfix release that fixes reported issues after the release of 0.6.0 a year ago, however, we also introduced a lot of other changes, such as new graphics, levels and other game content.
Changes:
* Rework of the first 3 Bonus Worlds
* Added 3 new bonus worlds to the core game
* Improvements to the story mode
* Addition of Ghost Forest to the Story Mode
* New Backgrounds and Music by BlasterMaster
* Tiles and Sprites Improvements by Alzter, weluvgoatz and RustyBox
* New enemy: The Ghoul
* Fixes and optimizations (Fixing buggy controls, game speed, etc.)
* Level Editor Improvements, Fixes and Optimisations
* Revamp of the Credits Menu
* Blocks (and other objects behaving like blocks, such as lanterns) no longer jitter when stacked on top of one another
* Trampolines as bonus block contents no longer hurt Tux
* An issue causing music not to get saved in the level editor was fixed
Version 2.9, 2019-11-13 (maintenance release)
* Fix non-thread-safe behaviour in PluginAdapter. Plugins built
using the adapter classes in version 2.8 or earlier cannot safely
be used simultaneously across threads with other instances of
themselves or of other plugins in the same library (i.e. shared
object). Hosts have been required to provide synchronisation for
such cases. Version 2.9 introduces synchronisation in the plugin,
making this usage safe. Unfortunately this does not make host code
safe when using older plugin builds, as the problem and its fix
are in the plugin side of the SDK. Caution is still required, but
this fix does allow updated plugin builds to avoid problems with
some existing hosts
* Change required C++ language standard from C++98 to C++11. This
is because of the use of std::mutex in the above fix
UnrealIRCd 5.0.3.1
-------------------
This fixes a crash issue after REHASH in 5.0.3.
UnrealIRCd 5.0.3
-----------------
Fixes:
* Fix serious flood issue in labeled-response implementation.
* An IRCOp SQUIT'ing a far remote server may cause a broken link topology
* In channels that are +D (delayed join), PARTs were not shown correctly to
channel operators.
Enhancements:
* A new HISTORY command for history playback (```HISTORY #channel number-of-lines```)
which allows you to fetch more lines than the on-join history playback.
Of course, taking into account the set limits in the +H channel mode.
This command is one of the [two interfaces](https://www.unrealircd.org/docs/Channel_history#Ways_to_retrieve_history)
to [Channel history](https://www.unrealircd.org/docs/Channel_history).
* Two new [message tags](https://www.unrealircd.org/docs/Message_tags),
```unrealircd.org/userip``` and ```unrealircd.org/userhost```
which communicate the user@ip and real user@host to IRCOps.
Changes:
* Drop the draft/ prefix now that the IRCv3
[labeled-response](https://ircv3.net/specs/extensions/labeled-response.html)
specification is out of draft.
* The operclass permission ```immune:target-limit``` is now called
```immune:max-concurrent-conversations```, since it bypasses
[set::anti-flood::max-concurrent-conversations](https://www.unrealircd.org/docs/Set_block#set::anti-flood::max-concurrent-conversations).
For 99% of the users this change is not important, but it may be
if you use highly customized [operclass blocks](https://www.unrealircd.org/docs/Operclass_block)
Are you upgrading from UnrealIRCd 4.x to UnrealIRCd 5? If so,
then check out the *UnrealIRCd 5* release notes [further down](#unrealircd-5). At the
very least, check out [Upgrading from 4.x](https://www.unrealircd.org/docs/Upgrading_from_4.x).
Security
* Fix side channel vulnerability in ECDSA. Our bignum implementation is not
constant time/constant trace, so side channel attacks can retrieve the
blinded value, factor it (as it is smaller than RSA keys and not guaranteed
to have only large prime factors), and then, by brute force, recover the
key. Reported by Alejandro Cabrera Aldaya and Billy Brumley.
* Zeroize local variables in mbedtls_internal_aes_encrypt() and
mbedtls_internal_aes_decrypt() before exiting the function. The value of
these variables can be used to recover the last round key. To follow best
practice and to limit the impact of buffer overread vulnerabilities (like
Heartbleed) we need to zeroize them before exiting the function.
Issue reported by Tuba Yavuz, Farhaan Fowze, Ken (Yihang) Bai,
Grant Hernandez, and Kevin Butler (University of Florida) and
Dave Tian (Purdue University).
* Fix side channel vulnerability in ECDSA key generation. Obtaining precise
timings on the comparison in the key generation enabled the attacker to
learn leading bits of the ephemeral key used during ECDSA signatures and to
recover the private key. Reported by Jeremy Dubeuf.
* Catch failure of AES functions in mbedtls_ctr_drbg_random(). Uncaught
failures could happen with alternative implementations of AES. Bug
reported and fix proposed by Johan Uppman Bruce and Christoffer Lauri,
Sectra.
Bugfix
* Remove redundant line for getting the bitlen of a bignum, since the variable
holding the returned value is overwritten a line after.
Found by irwir in #2377.
* Support mbedtls_hmac_drbg_set_entropy_len() and
mbedtls_ctr_drbg_set_entropy_len() before the DRBG is seeded. Before,
the initial seeding always reset the entropy length to the compile-time
default.
Changes
* Add unit tests for AES-GCM when called through mbedtls_cipher_auth_xxx()
from the cipher abstraction layer. Fixes#2198.
* Clarify how the interface of the CTR_DRBG and HMAC modules relates to
NIST SP 800-90A. In particular CTR_DRBG requires an explicit nonce
to achieve a 256-bit strength if MBEDTLS_ENTROPY_FORCE_SHA256 is set.
Bullet 2.89 includes a new implementation of volumetric deformable objects and cloth based on the Finite Element Method, thanks to Xuchen Han. Two-way coupling between deformables and rigid/multi body is achieved using a unified constraint solver.
