Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Apply security patches #135

Closed
wesley974 opened this issue Apr 1, 2024 · 1 comment
Closed

Apply security patches #135

wesley974 opened this issue Apr 1, 2024 · 1 comment

Comments

@wesley974
Copy link

Hi,

I'm using NetBSD 9.2.
I wish to apply the security patches located at: https://www.netbsd.org/support/security/patches-9.2.html

How can I do that?

Many thanks!

@wesley974
Copy link
Author

sorry for the noise. Not the good place to post this.

netbsd-srcmastr pushed a commit that referenced this issue Apr 29, 2024
Changes in 2.2.5

    #117: Document that empty for Concurrently waits forever
    #120: Add ConcurrentlyE.
    #123: Fix failing concurrentlyE tests in older GHCs.
    #124: Allow hashable 1.4
    #126: Semigroup and Monoid instances for ConcurrentlyE
    #120: Add ConcurrentlyE
    #138: expose internals as Control.Concurrent.Async.Internal
    #131: Fix typos in docs
    #132: waitAny(Catch): clarify non-empty input list requirement
    #142: Add cancelMany
    #135, #145, #150: Support for GHC 9.4, 9.6, 9.8
    Document that empty for Concurrently waits forever.
netbsd-srcmastr pushed a commit that referenced this issue Apr 30, 2024
Version 1.7.0
.............

Released on 2024-04-27

* Drop Python 3.7 support, add Python 3.12 support
* `#221 <https://github.com/Kozea/cairocffi/pull/225>`_:
  Add environment variable to set folder where DLLs are installed on Windows
* `#225 <https://github.com/Kozea/cairocffi/pull/225>`_:
  Use Ruff instead of Flake8 and isort


Version 1.6.1
.............

Released on 2023-07-24

* `#217 <https://github.com/Kozea/cairocffi/issues/217>`_:
  Repair installation with PyInstaller


Version 1.6.0
.............

Released on 2023-06-12

**This version uses a new CFFI mode that may break your program.**

CairoCFFI now uses Flit for packaging and is also distributed as a Python
wheel.

Please test carefully and don’t hesitate to report issues before using it in
production.

* `#216 <https://github.com/Kozea/cairocffi/pull/216>`_:
  Use ABI-level in-line CFFI mode


Version 1.5.1
.............

Released on 2023-04-15

* `#212 <https://github.com/Kozea/cairocffi/issues/212>`_:
  Bring back XCB support during wheel generation


Version 1.5.0
.............

Released on 2023-03-17

* `#106 <https://github.com/Kozea/cairocffi/issues/106>`_,
  `#200 <https://github.com/Kozea/cairocffi/issues/200>`_:
  Fallback to manual PNG file creation on hardened systems
* `#210 <https://github.com/Kozea/cairocffi/pull/210>`_:
  Use pyproject.toml for packaging and remove other useless files


Version 1.4.0
.............

Released on 2022-09-23

* `#205 <https://github.com/Kozea/cairocffi/pull/205>`_:
  Use pikepdf to parse generated PDF
* `#171 <https://github.com/Kozea/cairocffi/pull/171>`_:
  Don’t use deprecated pytest-runner anymore


Version 1.3.0
.............

Released on 2021-10-04

* `2cd512d <https://github.com/Kozea/cairocffi/commit/2cd512d>`_:
  Drop Python 3.6 support
* `#196 <https://github.com/Kozea/cairocffi/pull/196>`_:
  Fix import `constants.py` import
* `#169 <https://github.com/Kozea/cairocffi/pull/169>`_:
  Add extra library name "cairo-2.dll"
* `#178 <https://github.com/Kozea/cairocffi/pull/178>`_:
  Workaround for testing date string with cairo 1.17.4
* `#186 <https://github.com/Kozea/cairocffi/pull/186>`_:
  Fix link in documentation
* `#195 <https://github.com/Kozea/cairocffi/pull/195>`_:
  Fix typo in documentation
* `#184 <https://github.com/Kozea/cairocffi/pull/184>`_,
  `a4fc2a7 <https://github.com/Kozea/cairocffi/commit/a4fc2a7>`_:
  Clean .gitignore


Version 1.2.0
.............

Released on 2020-10-29

* `#152 <https://github.com/Kozea/cairocffi/pull/152>`_:
  Add NumPy support
* `#143 <https://github.com/Kozea/cairocffi/issues/143>`_:
  Make write_to_png function work on hardened systems
* `#156 <https://github.com/Kozea/cairocffi/pull/156>`_:
  Use major version name to open shared libraries
* `#165 <https://github.com/Kozea/cairocffi/pull/165>`_:
  Don’t list setuptools as required for installation


Version 1.1.0
.............

Released on 2019-09-05

* `#135 <https://github.com/Kozea/cairocffi/pull/135>`_,
  `#127 <https://github.com/Kozea/cairocffi/pull/127>`_,
  `#119 <https://github.com/Kozea/cairocffi/pull/119>`_:
  Clean the way external libraries are found
* `#126 <https://github.com/Kozea/cairocffi/pull/126>`_:
  Remove const char* elements from cdef
* Support Cairo features up to 1.17.2
* Fix documentation generation


Version 1.0.2
.............

Released on 2019-02-15

* `#123 <https://github.com/Kozea/cairocffi/issues/123>`_:
  Rely on a recent version of setuptools to handle VERSION


Version 1.0.1
.............

Released on 2019-02-12

* `#120 <https://github.com/Kozea/cairocffi/issues/120>`_:
  Don't delete _generated modules on ffi_build import


Version 1.0.0
.............

Released on 2019-02-08

6 years after its first release, cairocffi can now be considered as stable.

* Drop Python 2.6, 2.7 and 3.4 support
* Test with Python 3.7
* Clean code, tests and packaging
netbsd-srcmastr pushed a commit that referenced this issue Apr 30, 2024
v20.4.0
=======

Features
--------

- Replace deprecated ssl.wrap_socket with SSLContext.wrap_socket and update examples in connection.py docs. (#216)


v20.3.1
=======

No significant changes.


v20.3.0
=======

Features
--------

- Added support for SASL login. (#195)


Bugfixes
--------

- Better handling of escape sequences in message tags. (#205)


v20.2.0
=======

Features
--------

- Require Python 3.8 or later.


v20.1.1
=======

* #213: Pinned against jaraco.text 3.10 due to change in interface.

v20.1.0
=======

* #196: In irc.bot, avoid hanging idle when the first connection
  attempt fails.

v20.0.0
=======

* ``SingleServerIRCBot`` no longer accepts ``reconnection_interval``
  as a parameter.

* Added server support for NOTICE commands.

* Require Python 3.7 or later.

v19.0.1
=======

* #176: Fix issues with version number reporting. Restored version
  version number reporting in bot and client.

v19.0.0
=======

* ``irc.client`` no longer exposes a ``VERSION`` or ``VERSION_STRING``.
  To get the version, call ``importlib.metadata.version('irc')`` directly.

v18.0.0
=======

* Require Python 3.6 or later.

17.1
====

* Rely on
  `importlib_metadata <https://pypi.org/project/importlib_metadata/>`_
  for loading version from metadata. Removes implicit dependency on
  setuptools and pkg_resources.

* #158: The AsyncIO server now accepts a connection factory to
  enable features like SSL and IPv6 support.

* #155: ``SimpleIRCClient`` now has a ``dcc`` method for initiating
  and associating a DCCConnection object with the client.
  ``DCCConnection.listen`` now accepts a ``address`` parameter.
  Deprecated ``SimpleIRCClient.dcc_listen`` and
  ``SimpleIRCClient.dcc_connect`` in favor of the better separation
  of concerns. Clients should replace::

    client.dcc_connect(addr, port, type)
    client.dcc_listen(type)

  with::

    client.dcc(type).connect(addr, port)
    client.dcc(type).listen()


17.0
====

* Removed ``irc.buffer`` module, deprecated in 14.2.
* #153: Drop support for Python 3.3 and 2.7.

16.4
====

* Long Term Service release for Python 2.7.
* #149: ``AioConnection.connect`` moved to coroutine, added
  disconnect handling for AsyncIO.

16.3
====

* #140: Methods now use 'connection' and 'event' for parameter names.

* #135 via #144: Added AsyncIO implementation.

16.2.1
======

* Package refresh and cleanup.

16.2
====

* #133: In ``irc.server``, add support for ISON.

16.1
====

* #131: Add ``Connection.encode`` and ``Connection.transmit_encoding``
  to enable encodings other than UTF-8 to be used when transmitting
  text.

16.0
====

* Removed deprecated ``execute_*`` methods on ``Connection``
  and ``Reactor`` as introduced in 15.0.

* Fixed link in README.

15.1.1
======

* New ``send_items`` method takes star args for simplicity
  in the syntax and usage.

15.1
====

* Introduce ``ServerConnection.send_items``, consolidating
  common behavior across many methods previously calling
  ``send_raw``.

15.0.6
======

* Now publish `documentation <https://python-irc.readthedocs.io/>`_
  to Read The Docs.

15.0.5
======

* #119: Handle broken pipe exception in IRCClient _send() (server.py).

15.0.4
======

* #116: Correct invocation of execute_every.

15.0.3
======

* #115: Fix AttributeError in ``execute_at`` in scheduling
  support.

15.0.2
======

* #113: Use preferred scheduler in the bot implementation.

15.0.1
======

* Deprecated calls to Connection.execute_*
  and Reactor.execute_*. Instead, call the
  equivalently-named methods on the reactor's
  scheduler.

15.0
====

* The event scheduling functionality has been decoupled
  from the client.Reactor object. Now the reactor will
  construct a Scheduler from the scheduler_class property,
  which must be an instance of irc.schedule.IScheduler.

  The ``_on_schedule`` parameter is no longer accepted
  to the Reactor class. Implementations requiring a
  signal during scheduling should hook into the ``add``
  method of the relevant scheduler class.

* Moved the underlying scheduler implementation to
  `tempora <https://pypi.org/project/tempora>`_, allowing
  it to be re-used for other purposes.

14.2.2
======

* Issue #98: Add an ugly hack to force ``build_sphinx``
  command to have the requisite libraries to build
  module documentation.

14.2.1
======

* Issue #97: Restore ``irc.buffer`` module for
  compatibility.
* Issue #95: Update docs to remove missing or
  deprecated modules.
* Issue #96: Declare Gitter support as a badge in the
  docs.

14.2
====

* Moved buffer module to `jaraco.stream
  <https://pypi.python.org/pypi/jaraco.stream>`_ for
  use in other packages.

14.1
====

* ``SingleServerIRCBot`` now accepts a ``recon``
  parameter implementing a ReconnectStrategy. The new
  default strategy is ExponentialBackoff, implementing an
  exponential backoff with jitter.
  The ``reconnection_interval`` parameter is now deprecated
  but retained for compatibility. To customize the minimum
  time before reconnect, create a custom ExponentialBackoff
  instance or create another ReconnectStrategy object and
  pass that as the ``recon`` parameter. The
  ``reconnection_interval`` parameter will be removed in
  future versions.
* Issue #82: The ``ExponentialBackoff`` implementation
  now protects from multiple scheduled reconnects, avoiding
  the issue where reconnect attempts accumulate
  exponentially when the bot is immediately disconnected
  by the server.

14.0
====

* Dropped deprecated constructor
  ``connection.Factory.from_legacy_params``. Use the
  natural constructor instead.
* Issue #83: ``connection.Factory`` no longer attempts
  to bind before connect unless a bind address is specified.

13.3.1
======

* Now remove mode for owners, halfops, and admins when the user
  is removed from a channel.
* Refactored the Channel class implementation for cleaner, less
  repetitive code.
* Expanded tests coverage for Channel class.

13.3
====

* Issue #75: In ``irc.bot``, add support for tracking admin
  status (mode 'a') in channels. Use ``channel.is_admin``
  or ``channel.admins`` to identify admin users for a channel.

* Removed deprecated irc.logging module.

13.2
====

* Moved hosting to github.

13.1.1
======

* Issue #67: Fix infinite recursion for ``irc.strings.IRCFoldedCase``
  and ``irc.strings.lower``.

13.1
====

* Issue #64: ISUPPORT PREFIX now retains the order of
  permissions for each prefix.

13.0
====

* Updated ``schedule`` module to properly support timezone aware
  times and use them by default. Clients that rely on the timezone
  naïve datetimes may restore the old behavior by overriding the
  ``schedule.now`` and ``schedule.from_timestamp`` functions
  like so:

    schedule.from_timestamp = datetime.datetime.fromtimestamp
    schedule.now = datetime.datetime.now

  Clients that were previously patching
  ``schedule.DelayedCommand.now`` will need to instead patch
  the aforementioned module-global methods. The
  classmethod technique was a poor interface for effectively
  controlling timezone awareness, so was likely unused. Please
  file a ticket with the project for support with your client
  as needed.

12.4.2
======

* Bump to jaraco.functools 1.5 to throttler failures in Python 2.

12.4
====

* Moved ``Throttler`` class to `jaraco.functools
  <https://bitbucket.org/jaraco/jaraco.functools>`_ 1.4.

12.3
====

* Pull Request #33: Fix apparent escaping issue with IRCv3 tags.

12.2
====

* Pull Request #32: Add numeric for WHOX reply.
* Issue #62 and Pull Request #34: Add support for tags in message
  processing and ``Event`` class.

12.1.2
======

* Issue #59: Fixed broken references to irc.client members.
* Issue #60: Fix broken initialization of ``irc.server.IRCClient`` on
  Python 2.

12.1.1
======

* Issue #57: Better handling of Python 3 in testbot.py script.

12.1
====

* Remove changelog from package metadata.

12.0
====

* Remove dependency on jaraco.util. Instead depend on surgical packages.
* Deprecated ``irc.logging`` in favor of ``jaraco.logging``.
* Dropped support for Python 3.2.
netbsd-srcmastr pushed a commit that referenced this issue Jun 5, 2024
 - Breaking change: zero_timeout_behavior now defaults to NeverExpire (correct according to notification spec). You can change it back by setting it to UseDefault.
 - Updated notification timeout configuration to match the freedesktop spec. Thanks @bcspragu!
 - Fix replacement not updating layout properly (#145).
 - Fix replacement not resizing notification properly (#135).
netbsd-srcmastr pushed a commit that referenced this issue Jul 30, 2024
Upstream changes:
## 2024 05 11

    - The option --valign-signed-numbers, or -vsn is now the default. It
      was introduced in the previous release has been found to significantly
      improve the overall appearance of columns of signed and unsigned
      numbers.  See the previous Change Log entry for an example.
      This will change the formatting in scripts with columns
      of vertically aligned signed and unsigned numbers.
      Use -nvsn to turn this option off and avoid this change.

    - Previously, a line break was made before a short concatenated terminal
      quoted string, such as "\n", if the previous line had a greater
      starting indentation. The break is now placed after the short quote.
      This keeps code a little more compact. For example:

    # old rule: break before "\n" here because '$name' has more indentation:
    my $html = $this->SUPER::genObject( $query, $bindNode, $field . ":$var",
        $name, "remove", "UNCHECKED" )
      . "\n";

    # new rule: break after a short terminal quote like "\n" for compactness;
    my $html = $this->SUPER::genObject( $query, $bindNode, $field . ":$var",
        $name, "remove", "UNCHECKED" ) . "\n";

    - The option --delete-repeated-commas is now the default.

      It makes the following checks and changes:
      - Repeated commas like ',,' are removed with a warning
      - Repeated fat commas like '=> =>' are removed with a warning
      - The combination '=>,' produces a warning but is not changed
      These warnings are only output if --warning-output, or -w, is set.

      Use --nodelete-repeated-commas, or -ndrc, to retain repeated commas.

    - The operator ``**=`` now has spaces on both sides by default. Previously,
      there was no space on the left.  This change makes its spacing the same
      as all other assignment operators. The previous behavior can be obtained
      with the parameter setting -nwls='**='.

    - The option --file-size-order, or -fso is now the default. When
      perltidy is given a list of multiple filenames to process, they
      are sorted by size and processed in order of increasing size.
      This can significantly reduce memory usage by Perl.  This
      option has always been used in testing, where typically several
      jobs each operating on thousands of filenames are running at the
      same time and competing for system resources.  If this option
      is not wanted for some reason, it can be deactivated with -nfso.

    - In the option --dump-block-summary, the number of sub arguments indicated
      for each sub now includes any leading object variable passed with
      an arrow-operator call.  Previously the count would have been decreased
      by one in this case. This change is needed for compatibility with future
      updates.

    - Fix issue git #138 involving -xlp (--extended-line-up-parentheses).
      When multiple-line quotes and regexes have long secondary lines, these
      line lengths could influencing some spacing and indentation, but they
      should not have since perltidy has no control over their indentation.
      This has been fixed. This will mainly influence code which uses -xlp
      and has long multi-line quotes.

    - Add option --minimize-continuation-indentation, -mci (see git #137).
      This flag allows perltidy to remove continuation indentation in some
      special cases where it is not really unnecessary. For a simple example,
      the default formatting for the following snippet is:

        # perltidy -nmci
        $self->blurt( "Error: No INPUT definition for type '$type', typekind '"
              . $type->xstype
              . "' found" );

      The second and third lines are one level deep in a container, and
      are also statement continuations, so they get indented by the sum
      of the -i value and the -ci value.  If this flag is set, the
      indentation is reduced by -ci spaces, giving

        # perltidy -mci
        $self->blurt( "Error: No INPUT definition for type '$type', typekind '"
            . $type->xstype
            . "' found" );

      This situation is relatively rare except in code which has long
      quoted strings and the -nolq flag is also set.  This flag is currently
      off by default, but it could become the default in a future version.

    - Add options --dump-mismatched-args (or -dma) and
      --warn-mismatched-arg (or -wma).  These options look
      for and report instances where the number of args expected by a
      sub appear to differ from the number passed to the sub.  The -dump
      version writes the results for a single file to standard output
      and exits:

         perltidy -dma somefile.pl >results.txt

      The -warn version formats as normal but reports any issues as warnings in
      the error file:

         perltidy -wma somefile.pl

      The -warn version may be customized with the following additional parameters
      if necessary to avoid needless warnings:

      --warn-mismatched-arg-types=s (or -wmat=s),
      --warn-mismatched-arg-exclusion-list=s (or -wmaxl=s), and
      --warn-mismatched-arg-undercount-cutoff=n (or -wmauc=n).
      --warn-mismatched-arg-overcount-cutoff=n (or -wmaoc=n).

      These are explained in the manual.

    - Add option --valign-wide-equals, or -vwe, for issue git #135.
      Setting this parameter causes the following assignment operators

         = **= += *= &= <<= &&= -= /= |= >>= ||= //= .= %= ^= x=

      to be aligned vertically with the ending = all aligned. For example,
      here is the default formatting of a snippet of code:

            $str .= SPACE x $total_pad_count;
            $str_len += $total_pad_count;
            $total_pad_count = 0;
            $str .= $rfields->[$j];
            $str_len += $rfield_lengths->[$j];

      And here is the same code formatted with -vwe:

            # perltidy -vwe
            $str             .= SPACE x $total_pad_count;
            $str_len         += $total_pad_count;
            $total_pad_count  = 0;
            $str             .= $rfields->[$j];
            $str_len         += $rfield_lengths->[$j];

      This option currently is off by default to avoid changing existing
      formatting.

    - Added control --delete-interbracket-arrows, or -dia, to delete optional
      hash ref and array ref arrows between brackets as in the following
      expression (see git #131)

        return $self->{'commandline'}->{'arg_list'}->[0]->[0]->{'hostgroups'};

        # perltidy -dia gives:
        return $self->{'commandline'}{'arg_list'}[0][0]{'hostgroups'};

      Added the opposite control --aia-interbracket-arrows, or -aia, to
      add arrows. So applied to the previous line the arrows are restored:

        # perltidy -aia
        return $self->{'commandline'}->{'arg_list'}->[0]->[0]->{'hostgroups'};

     The manual describes additional controls for adding and deleting
     just selected interbracket arrows.
netbsd-srcmastr pushed a commit that referenced this issue Sep 18, 2024
0.13.0 (2024-09-09)

Enhancements

* Cache erb templates when generating report. See #114 (thanks @fatkodima).
* Print branch coverage with line coverage. See #103 (thanks @jeremyevans).
* Add line number anchors. Thanks @jantman for the proposal #49 and
  @nishidayuya for the patch #106!
* Add inline assets option. See #107 (thanks @frankh).
* Make close button look better. See #140 (thanks @anthony0030).
* Avoid "permission denied" errors by removing the destination before
  copying assets #135 (thanks @tomeon).
* Improve clarity of line and branch coverage format. See #125 (thanks
  @joshuapinter).

Bugfixes

* Avoid loading favicon.png that does not exist. See #123 (thanks
  @yyamanoi1222).

Misc

* Reduced gem size by not including development-only files.
* Bundle jQuery 3.7.1. See #108 (thanks @jgarland79 for reporting the issue).


0.13.1 (2024-09-09)

Misc

* Drop base64 dependency. See #144 (thanks @Earlopain).
netbsd-srcmastr pushed a commit that referenced this issue Oct 21, 2024
1.68 -- 2024-10-18
	[CHANGES]
	 * Added (empty) Scalar::List::Utils module so that a module exists
	   which matches the name of the distribution (GH #135)

1.67 -- 2024-10-18
	[BUGFIXES]
	 * zip() and mesh() should not alias their input values into the
	   returned results (RT156183)
	 * Exception message from mesh() should name the correct function
netbsd-srcmastr pushed a commit that referenced this issue Nov 6, 2024
# nloptr 2.1.1

This is a patch release to work around a bug in the CRAN checks. Specifically,
one of the unit tests for the `isres()` algorithm was failing on some CRAN
builds because convergence is stochastic with slightly different results even
with the same fixed seed prior to calling the function.

# nloptr 2.1.0
This release deprecates the default behavior of the inequality equations in any
wrapper function which uses them. Currently, they are calibrated to be >= 0.
This version allows for the equations to be consistent with the main `nloptr`
function, which requires <= 0. In a future release, the default behavior will
switch to assuming the calibration is <= 0, and eventually, the >= 0 behavior
will be removed. It also includes a large number of safety and efficiency
changes, and an expansion of the unit tests to 100% coverage for all files but
one. The major changes include:

* Reversed the direction of the inequality equations `hin` and `hinjac` in the
wrapper functions which use them, bringing them into compliance with the main
`nloptr` call. This addresses
[Issue #148](astamm/nloptr#148);
* Cleaned the Hock-Schittkowski problem no. 100, Hartmann 6-dimensional, and
Powell exponential examples. This addresses
[Issue #152](astamm/nloptr#152) and
[Issue #156](astamm/nloptr#156);
* Updated roxygen version;
* Updated maintainer email;
* Deal with NA returns from `parallel::detectCores()` (contributed by @jeroen in
PR #150);
* Setup rhub v2 checks;
* Update cmake installation instructions on Mac with brew (#146);
* Allow use of equality constraints with COBYLA (#135);
* Replaced the unit testing framework of `testthat` with `tinytest` (See
[Issue #136](astamm/nloptr#136));
* Brought coverage of `is.nloptr` to 100%. The only file not completely covered
by unit tests is `nloptr.c`. The uncovered calls are error messages which get
trapped by tests in R before the call gets to C;
* Linted package for code correctness and consistency;
* Updated vignette, DESCRIPTION, and NEWS;
* Updated package website to use bootstrap 5;
* Expanded unit tests: coverage now over 97% with no file below 90%;
* Removed forcing `C++11`;
* Added safety checks to C code;
* Added many safety and efficiency enhancements to R code;
* Most R code style made self-consistent;
* Updated documentation and messages for accuracy and mathematical formatting
* Updated Github actions;
* Some bugfixes (e.g. in `isres` or the warning in `nl.grad`).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant