security/xhash: Bump to v3.3.3 and latest dependencies #139

ricardobranco777 · 2024-05-19T13:35:49Z

Bump to v3.3.3 and latest dependencies

Ref: pkg/58267

@flavorjones

Upstream changes: https://github.com/flavorjones/mini_portile/blob/v2.8.7/CHANGELOG.md 2.8.7 / 2024-05-31 Added * When setting the C compiler through the MiniPortile constructor, the preferred keyword argument is now :cc_command. The original :gcc_command is still supported. (#144 by @flavorjones) * Add support for extracting xz-compressed tarballs on OpenBSD. (#141 by @postmodern) * Add OpenBSD support to the experimental method MakeMakefile#mkmf_config. (# 141 by @flavorjones) Changed * MiniPortileCMake now detects the C and C++ compiler the same way MiniPortile does: by examining environment variables, then using kwargs, then looking in RbConfig (in that order). (#144 by @flavorjones) * GPG file verification error messages are captured in the raised exception. Previously these errors went to stderr. (#145 by @flavorjones) 2.8.6 / 2024-04-14 Added * When using CMake on FreeBSD, default to clang's "cc" and "c++" compilers. (#139 by @mudge)

This is a point release intended to clear up a couple of CVEs and apply point fixes that have been accumulating since 5.2.1 There are a few unresolved (but minor) memory leaks related to design issues in the API that still need to be resolved. Expect those fixes in the next release. Code Fixes ---------- * Fixes for CVE-2023-48161, CVE-2022-28506, * Address SF issue #138 Documentation for obsolete utilities still installed * Address SF issue #139: Typo in "LZW image data" page ("110_2 = 4_10") * Address SF issue #140: Typo in "LZW image data" page ("LWZ") * Address SF issue #141: Typo in "Bits and bytes" page ("filed") * Note as already fixed SF issue #143: cannot compile under mingw * Address SF issue #144: giflib-5.2.1 cannot be build on windows and other platforms using c89 * Address SF issue #145: Remove manual pages installation for binaries that are not installed too * Address SF issue #146: [PATCH] Limit installed man pages to binaries, move giflib to section 7 * Address SF issue #147 [PATCH] Fixes to doc/whatsinagif/ content * Address SF issue #148: heap Out of Bound Read in gif2rgb.c:298 DumpScreen2RGB * Declared no-info on SF issue #150: There is a denial of service vulnerability in GIFLIB 5.2.1 * Declared Won't-fix on SF issue 149: Out of source builds no longer possible * Address SF issue #151: A heap-buffer-overflow in gif2rgb.c:294:45 * Address SF issue #152: Fix some typos on the html documentation and man pages * Address SF issue #153: Fix segmentation faults due to non correct checking for args * Address SF issue #154: Recover the giffilter manual page * Address SF issue #155: Add gifsponge docs * Address SF issue #157: An OutofMemory-Exception or Memory Leak in gif2rgb * Address SF issue #158: There is a null pointer problem in gif2rgb * Address SF issue #159 A heap-buffer-overflow in GIFLIB5.2.1 DumpScreen2RGB() in gif2rgb.c:298:45 * Address SF issue #163: detected memory leaks in openbsd_reallocarray giflib/openbsd-reallocarray.c * Address SF issue #164: detected memory leaks in GifMakeMapObject giflib/gifalloc.c * Address SF issue #166: a read zero page leads segment fault in getarg.c and memory leaks in gif2rgb.c and gifmalloc.c * Address SF issue #167: Heap-Buffer Overflow during Image Saving in DumpScreen2RGB Function at Line 321 of gif2rgb.c

@t3chguy

Changes in [1.11.86](https://github.com/element-hq/element-web/releases/tag/v1.11.86) (2024-11-19) ================================================================================================== ## ✨ Features * Deduplicate icons using Compound Design Tokens ([#28419](element-hq/element-web#28419)). Contributed by @t3chguy. * Let widget driver send error details ([#28357](element-hq/element-web#28357)). Contributed by @AndrewFerr. * Deduplicate icons using Compound Design Tokens ([#28381](element-hq/element-web#28381)). Contributed by @t3chguy. * Auto approvoce `io.element.call.reaction` capability for element call widgets ([#28401](element-hq/element-web#28401)). Contributed by @toger5. * Show message type prefix in thread root \& reply previews ([#28361](element-hq/element-web#28361)). Contributed by @t3chguy. * Support sending encrypted to device messages from widgets ([#28315](element-hq/element-web#28315)). Contributed by @hughns. ## 🐛 Bug Fixes * Feed events to widgets as they are decrypted (even if out of order) ([#28376](element-hq/element-web#28376)). Contributed by @robintown. * Handle authenticated media when downloading from ImageView ([#28379](element-hq/element-web#28379)). Contributed by @t3chguy. * Ignore `m.3pid_changes` for Identity service 3PID changes ([#28375](element-hq/element-web#28375)). Contributed by @t3chguy. * Fix markdown escaping wrongly passing html through ([#28363](element-hq/element-web#28363)). Contributed by @t3chguy. * Remove "Upgrade your encryption" flow in `CreateSecretStorageDialog` ([#28290](element-hq/element-web#28290)). Contributed by @florianduros. Changes in [1.11.85](https://github.com/element-hq/element-web/releases/tag/v1.11.85) (2024-11-12) ================================================================================================== # Security - Fixes for [CVE-2024-51750](https://www.cve.org/CVERecord?id=CVE-2024-51750) / [GHSA-w36j-v56h-q9pc](GHSA-w36j-v56h-q9pc) - Fixes for [CVE-2024-51749](https://www.cve.org/CVERecord?id=CVE-2024-51749) / [GHSA-5486-384g-mcx2](GHSA-5486-384g-mcx2) - Update JS SDK with the fixes for [CVE-2024-50336](https://www.cve.org/CVERecord?id=CVE-2024-50336) / [GHSA-xvg8-m4x3-w6xr](GHSA-xvg8-m4x3-w6xr) Changes in [1.11.84](https://github.com/element-hq/element-web/releases/tag/v1.11.84) (2024-11-05) ================================================================================================== ## ✨ Features * Remove abandoned MSC3886, MSC3903, MSC3906 implementations ([#28274](element-hq/element-web#28274)). Contributed by @t3chguy. * Update to React 18 ([#24763](element-hq/element-web#24763)). Contributed by @t3chguy. * Deduplicate icons using Compound ([#28239](element-hq/element-web#28239)). Contributed by @t3chguy. * Replace legacy Tooltips with Compound tooltips ([#28231](element-hq/element-web#28231)). Contributed by @t3chguy. * Deduplicate icons using Compound Design Tokens ([#28219](element-hq/element-web#28219)). Contributed by @t3chguy. * Add reactions to html export ([#28210](element-hq/element-web#28210)). Contributed by @langleyd. * Remove feature\_dehydration ([#28173](element-hq/element-web#28173)). Contributed by @florianduros. ## 🐛 Bug Fixes * Remove upgrade encryption in `DeviceListener` and `SetupEncryptionToast` ([#28299](element-hq/element-web#28299)). Contributed by @florianduros. * Fix 'remove alias' button in room settings ([#28269](element-hq/element-web#28269)). Contributed by @Dev-Gurjar. * Add back unencrypted path in `StopGapWidgetDriver.sendToDevice` ([#28295](element-hq/element-web#28295)). Contributed by @florianduros. * Fix other devices not being decorated as such ([#28279](element-hq/element-web#28279)). Contributed by @t3chguy. * Fix pill contrast in invitation dialog ([#28250](element-hq/element-web#28250)). Contributed by @florianduros. * Close right panel chat when minimising maximised voip widget ([#28241](element-hq/element-web#28241)). Contributed by @t3chguy. * Fix develop changelog parsing ([#28232](element-hq/element-web#28232)). Contributed by @t3chguy. * Fix Ctrl+F shortcut not working with minimised room summary card ([#28223](element-hq/element-web#28223)). Contributed by @t3chguy. * Fix network dropdown missing checkbox \& aria-checked ([#28220](element-hq/element-web#28220)). Contributed by @t3chguy. Changes in [1.11.83](https://github.com/element-hq/element-web/releases/tag/v1.11.83) (2024-10-29) ================================================================================================== ## ✨ Features * Enable Element Call by default on release instances ([#28314](element-hq/element-web#28314)). Contributed by @t3chguy. Changes in [1.11.82](https://github.com/element-hq/element-web/releases/tag/v1.11.82) (2024-10-22) ================================================================================================== ## ✨ Features * Deduplicate more icons using Compound Design Tokens ([#132](element-hq/matrix-react-sdk#132)). Contributed by @t3chguy. * Always show link new device flow even if unsupported ([#147](element-hq/matrix-react-sdk#147)). Contributed by @t3chguy. * Update design of files list in right panel ([#144](element-hq/matrix-react-sdk#144)). Contributed by @t3chguy. * Remove feature\_dehydration ([#138](element-hq/matrix-react-sdk#138)). Contributed by @florianduros. * Upgrade emojibase-bindings and remove local handling of emoticon variations ([#127](element-hq/matrix-react-sdk#127)). Contributed by @langleyd. * Add support for rendering media captions ([#43](element-hq/matrix-react-sdk#43)). Contributed by @tulir. * Replace composer icons with Compound variants ([#123](element-hq/matrix-react-sdk#123)). Contributed by @t3chguy. * Tweak default right panel size to be 320px except for maximised widgets at 420px ([#110](element-hq/matrix-react-sdk#110)). Contributed by @t3chguy. * Add a pinned message badge under a pinned message ([#118](element-hq/matrix-react-sdk#118)). Contributed by @florianduros. * Ditch right panel tabs and re-add close button ([#99](element-hq/matrix-react-sdk#99)). Contributed by @t3chguy. * Force verification even for refreshed clients ([#44](element-hq/matrix-react-sdk#44)). Contributed by @dbkr. * Update emoji text, border and background colour in timeline ([#119](element-hq/matrix-react-sdk#119)). Contributed by @florianduros. * Disable ICE fallback based on well-known configuration ([#111](element-hq/matrix-react-sdk#111)). Contributed by @t3chguy. * Remove legacy room header and promote beta room header ([#105](element-hq/matrix-react-sdk#105)). Contributed by @t3chguy. * Respect `io.element.jitsi` `useFor1To1Calls` in well-known ([#112](element-hq/matrix-react-sdk#112)). Contributed by @t3chguy. * Use Compound close icon in favour of mishmash of x/close icons ([#108](element-hq/matrix-react-sdk#108)). Contributed by @t3chguy. ## 🐛 Bug Fixes * Correct typo in option documentation ([#28148](element-hq/element-web#28148)). Contributed by @AndrewKvalheim. * Revert #124 and #135 ([#139](element-hq/matrix-react-sdk#139)). Contributed by @dbkr. * Add aria-label to e2e icon ([#136](element-hq/matrix-react-sdk#136)). Contributed by @florianduros. * Fix bell icons on room list hover being black squares ([#135](element-hq/matrix-react-sdk#135)). Contributed by @dbkr. * Fix vertical overflow on the mobile register screen ([#137](element-hq/matrix-react-sdk#137)). Contributed by @langleyd. * Allow to unpin redacted event ([#98](element-hq/matrix-react-sdk#98)). Contributed by @florianduros.

@brownag

# wk 0.9.4 - Ensure package tests pass against sf 1.0-18 (#224, #225). # wk 0.9.3 - Ensure package compiles with `STRICT_R_HEADERS=1` (#222). # wk 0.9.2 - Add `wk_crs()` and `wk_set_crs()` methods for `bbox` (#213) - Fix wk_trans inconsistent meta flags handling (#217) - Ensure package builds on arm64 for Windows (#220) # wk 0.9.1 - Fix format strings/arguments for R-devel (#209). # wk 0.9.0 ## Breaking changes - The common well-known binary representation of POINT EMPTY (i.e., POINT (nan nan)) is now handled as POINT EMPTY allowing empty points to roundtrip through `wkb()` vectors (#196, #204). - `xy(NA, NA)` is now read as a null feature instead of POINT EMPTY. This preserves the invariant that null features can also be identified using `is.na()` (#205). - `xy(NaN, NaN)` is now read as POINT EMPTY and `is.na(xy(NaN, NaN))` now returns `FALSE`. This means that both EMPTY and null points can roundtrip through `xy()` (#205). ## Bugfixes and improvements - `wk_meta()` now contains a new column `is_empty`, which is `TRUE` for any feature that contains at least one non-empty coordinate. This allows more efficient detection of features with zero coordinates (#197, #199). - Updated PROJ data to use the latest pull of the database packaged with PROJ 9.3.0 (#201). - The wk package now compiles once again on gcc 4.8 (#203, #206). - Fixed `sfc_writer()` to correctly attach the `classes` attribute to sfc output with mixed geometry types (#195). - Function `sfc_writer()` now has an argument `promote_multi` to write any input as the MULTI variant. This makes it more likely that an input vector will be read as a single geometry type (#198). - The `wk_collection_filter()` now correctly increments the `part_id` when calling the child handler (@brownag, #194). # wk 0.8.0 * Added `wkb_to_hex()` (@anthonynorth, #183). * Implemented `vctrs::vec_proxy_equal()` for `wkb()` vctrs (@anthonynorth, #183). * Fixed `sfc_writer()`, which had returned NULL for some inputs (e.g., via `wk_collection()`) (@anthonynorth, #182, #186). * Added `wk_clockwise()` and `wk_counterclockwise()` to re-wind polygon rings (@anthonynorth, #188). * New replacement-function mode for `wk_coords<-()` for in-place modification of coordinates (@mdsumner, #187). * New function `wk_trans_explicit()` migrated from crs2crs (@mdsumner, #187). # wk 0.7.3 * Fix tests for updated waldo package (#178). # wk 0.7.2 * Fix use-after-free warnings. # wk 0.7.1 * Fix implicit reliance on error `as.data.frame.default()`, which no longer occurs in r-devel (#166). # wk 0.7.0 * Remove legacy headers that are no longer used by any downstream package (#146). * `validate_wk_wkt()` now errors for an object that does not inherit from 'wk_wkt' (#123, #146). * Added `wk_crs_projjson()` to get a JSON representation of a CRS object. To make lookup possible based on shortcut-style CRS objects (e.g., `"EPSG:4326"` or `4326`), added data objects `wk_proj_crs_view` and `wk_proj_crs_json` that contain cached versions of rendered PROJJSON based on the latest PROJ version (#147). * Added a `wk_crs_proj_definition()` method for `wk_crs_inherit()` (#136, #147). * Conversion to sf now uses the `sfc_writer()` for all wk classes, making conversions faster and fixing at least one issue with conversion of NA geometries to sf (#135). * `wk_plot()` now plots `NULL`/`NA` geometries and mixed geometry types more reliably (#142, #143, #149). * Exported EMPTY geometries to well-known text now include dimension (e.g., `POINT Z EMPTY`) (#141, #150). * Fixed bug where `wk_polygon()` doubled some points when the input contained closed rings (#134, #151). * Fixed bug where `wk_count()` exposed uninitialized values for empty input (#139, #153). * The `xy_writer()` now opportunistically avoids allocating vectors for Z or M values unless they are actually needed (#131, #154). * Added example WKT for all geometry types and dimensions plus helper `wk_example()` to access them and set various properties (#155). * Fixes warnings when compiling with `-Wstrict-prototypes` (#157, #158). * Removed `wk_chunk_map_feature()` in favour of using chunking strategies directly (#132, #159). * Optimized `wk_coords()` for `xy()` objects (#138, #160). * Added accessor methods for record-style vectors: `rct_xmin()`, `rct_xmax()`, `rct_ymin()`, `rct_ymax()`, `rct_width()`, `rct_height()`, `crc_center()`, `crc_x()`, `crc_y()`, `crc_r()`, `xy_x()`, `xy_y()`, `xy_z()`, and `xy_m()` (#144, #161). * Added rectangle operators `rct_intersects()`, `rct_contains()`, and `rct_intersection()` (#161). # wk 0.6.0 * Fixed `wk_affine_rescale()` to apply the translate and scale operations in the correct order (#94). * Add `wk_handle_slice()` and `wk_chunk_map_feature()` to support a chunk + apply workflow when working with large vectors (#101, #107). * C and R code was rewritten to avoid materializing ALTREP vectors (#103, #109). * Added a `wk_crs_proj_definition()` generic for foreign CRS objects (#110, #112). * Added `wk_crs_longlat()` helper to help promote authority-compliant CRS choices (#112). * Added `wk_is_geodesic()`, `wk_set_geodesic()`, and argument `geodesic` in `wkt()` and `wkb()` as a flag for objects whose edges must be interpolated along a spherical/ellipsoidal trajectory (#112). * Added `sf::st_geometry()` and `sf::st_sfc()` methods for wk geometry vectors for better integration with sf (#113, #114). * Refactored well-known text parser to be more reusable and faster (#115, #104). * Minor performance enhancement for `is.na()` and `validate_wk_wkb()` when called on a very long `wkb()` vector (#117). * Fixed issue with `validate_wk_wkb()` and `validate_wk_wkt()`, which failed for most valid objects (#119). * Added `wk_envelope()` and `wk_envelope_handler()` to compute feature-wise bounding boxes (#120, #122). * Fixed headers and tests to pass on big endian systems (#105, #122). * Incorporated the geodesic attribute into vctrs methods, data frame columns, and bbox/envelope calculation (#124, #125). * Fix `as_xy()` for nested data frames and geodesic objects (#126, #128). * Remove deprecated `wkb_problems()`, `wkt_problems()`, `wkb_format()`, and `wkt_format()` (#129). * `wk_plot()` is now an S3 generic (#130). # wk 0.5.0 * Fixed bugs relating to the behaviour of wk classes as vectors (#64, #65, #67, #70). * `crc()` objects are now correctly exported as polygons with a closed loop (#66, #70). * Added `wk_vertices()` and `wk_coords()` to extract individual coordinate values from geometries with optional identifying information. For advanced users, the `wk_vertex_filter()` can be used as part of a pipeline to export coordinates as point geometries to another handler (#69, #71). * Added `wk_flatten()` to extract geometries from collections. For advanced users, the `wk_flatten_filter()` can be used as part of a pipeline (#75, #78). * `options("max.print")` is now respected by all vector classes (#72, #74). * Moved implementation of plot methods from wkutils to wk to simplify the dependency structure of both packages (#80, #76). * Added `wk_polygon()`, `wk_linestring()`, and `wk_collection()` to construct polygons, lines, and collections. For advanced users, `wk_polygon_filter()`, `wk_linestring_filter()`, and `wk_collection_filter()` can be used as part of a pipeline (#77, #84). * Added a C-level transform struct that can be used to simplify the the common pattern of transforming coordinates. These structs can be created by other packages; however, the `wk_trans_affine()` and `wk_trans_set()` transforms are also built using this feature. These are run using the new `wk_transform()` function and power the new `wk_set_z()`, `wk_set_m()`, `wk_drop_z()`, `wk_drop_m()`, functions (#87, #88, #89). # wk 0.4.1 * Fix LTO and MacOS 3.6.2 check errors (#61). # wk 0.4.0 * Removed `wksxp()` in favour of improved `sf::st_sfc()` support (#21). * Rewrite existing readers, writers, and handlers, using a new C API (#13). * Use new C API in favour of header-only approach for all wk functions (#19, #22). * Use cpp11 to manage safe use of callables that may longjmp from C++. * Vector classes now propagate `attr(, "crs")`, and check that operations that involve more than one vector have compatable CRS objects as determined by `wk_crs_equal()`. * Added an R-level framework for other packages to implement wk readers and handlers: `wk_handle()`, `wk_translate()`, and `wk_writer()` (#37). * Added a native reader and writer for `sf::st_sfc()` objects and implemented R-level generics for sfc, sfg, sf, and bbox objects (#28, #29, #38, #45). * Implement `crc()` vector class to represent circles (#40). * Added a 2D cartesian bounding box handler (`wk_bbox()`) (#42). * Refactored unit tests reflecting use of the new API and for improved test coverage (#44, #45, #46). * Added `wk_meta()`, `wk_vector_meta()`, and `wk_count()` to inspect properties of vectors (#53). * Modified all internal handlers such that they work with vectors of unknown length (#54). # wk 0.3.4 * Fixed reference to `wkutils::plot.wk_wksxp()`, which no longer exists. # wk 0.3.3 * Fixed WKB import of ZM geometries that do not use EWKB. * Added `xy()`, `xyz()`, `xym()` and `xyzm()` classes to efficiently store point geometries. * Added the `rct()` vector class to efficiently store two-dimensional rectangles. * Fixed the CRAN check failure caused by a circular dependency with the wkutils package. * Added S3 methods to coerce sf objects to and from `wkt()`, `wkb()` and `wksxp()`. # wk 0.3.2 * Fixed EWKB output for collections and multi-geometries that included SRID (#3). * Fixed CRAN check errors related to exception handling on MacOS/R 3.6.2. # wk 0.3.1 * Added a `NEWS.md` file to track changes to the package.

@hsbt

3.0.1 (2024-07-31) * Ruby 3.4+ compatibility: "Use URI::RFC2396_Parser#regex explicitly" #138 @hsbt 3.0.2 (2024-08-09) * Ruby 3.4+ compatibility: "Use rfc2396 parser instead of URI::DEFAULT_PARSER" #139 @hsbt 3.0.3 (2024-09-03) * Fix performance issue for Mustermann::AST::Translator#escape #142 @hsbt, @ericproulx

2.3.0 (2024-12-05) Minor Enhancements * Simplify checking if an archive type is enabled (#149) * Memoize relative_path attribute of archive pages (#153) * Memoize date attribute of date-type archive pages (#154) * Allow creating slugs for emoji characters. (#129) * Use Liquid drop to expose attributes to templates (#158) Bug Fixes * Return unless 'jekyll-archives' config is a Hash (#139) * Include LICENSE in built gem (#180) Internal Refactors * Initialize Archives generator with a hash (#135) * Remove support for legacy Jekyll versions (#136) * Read-in site's tags and categories attributes (#137) * Use private helper to append enabled archive type (#150) * Access nested Hash values with Hash#dig (#151) * Generate custom post_attr_hash with private helper (#152) Development Fixes * Migrate CI to GitHub Actions (#177) * Add style_check job to CI workflow (#178) * Add workflow to release gem via GitHub Actions (#179) Documentation Fixes * Substitute 'gems' with 'plugins' (#143)

# sass 0.4.9 - Closed #138: font_google(local = TRUE) now uses woff2 (instead of woff) for a font file type. (#139) # sass 0.4.8 - Closed #132: Fix R CMD check warning re error() format strings (for r-devel). (#133) # sass 0.4.7 - Closed #129: Fixed a compilation warning on latest Apple Clang (15). (#130) - Closed #125: Installation now (correctly) requires `{fs}` >= 1.2.4.

New Features (Genesis / Sega CD / 32X) Added an audio setting to select 1 of 4 different audio low-pass filters, with cutoff frequencies ranging from about 15000 Hz (comparable to the existing filter) to about 5000 Hz (produces a very soft sound) (Genesis / Sega CD / 32X) Added a video setting to enable/disable individual graphics layers (Sega CD) Added an audio enhancement setting to apply linear interpolation or cubic Hermite interpolation to PCM sound chip channels; this significantly reduces audio noise and audio aliasing in games that play music or voice acting through the PCM chip (e.g. Lunar: Eternal Blue all the time, Sonic CD in past stages, basically every FMV game for cutscene audio) (GB) Added an option to use a custom 4-color palette, with a color picker UI for configuring the custom palette colors Added a new hotkey that completely exits the application (#140) The previous "quit" hotkey (which only closed the currently running game) has been renamed to "power off" Improvements (32X) PWM chip audio output resampling now uses cubic interpolation rather than a filter that assumed a source frequency of 22 KHz; this should improve audio quality in games that use PWM sample rates other than 22 KHz (e.g. After Burner Complete and Space Harrier) Input mappings that use modifier keys (Shift / Ctrl / Alt) no longer distinguish between Left and Right versions of the modifier, e.g. Left Shift and Right Shift are now both treated as simply "Shift" for input mapping purposes (#139) Redesigned most of the audio low-pass filters to explicitly target a cutoff frequency of about 15000 Hz with a stopband edge frequency of about 20000 Hz, which should further reduce resampling-related audio aliasing For performance reasons, NES and GB/GBC instead target a cutoff frequency of roughly 10000 Hz with a less steep attenuation slope past the cutoff frequency Implemented a performance optimization in how audio low-pass filters are applied when running on CPUs that support x86_64 AVX and FMA instructions (which is almost every x86_64 CPU made in the last 10 years; AVX2 is not needed) (SMS / Game Gear / Genesis) Improved video memory viewer UI so that it's now possible to view CRAM and VRAM simultaneously, as well as current VDP settings (captured once per frame at the beginning of VBlank) Display scale factor / DPI is now taken into account when determining initial emulator window size in windowed mode GUI: The GUI window is now repainted immediately when a directory scan finishes, rather than requiring mouse movement or a keyboard input to trigger the repaint Fixes (32X) Fixed the 68000 incorrectly being allowed to change the PWM timer interrupt interval via $A15130 writes; this fixes Primal Rage having horribly broken sound effects Fixed an input configuration bug that made it effectively impossible to correctly configure any gamepad where SDL reads digital buttons as analog axes, such as the 8BitDo M30 with its C and R buttons (#135) Fixed some minor bugs in the common audio resampling code related to how low-pass filters are applied CLI: For options that only accept a fixed set of possible values, the list of possible values in the help text is now auto-generated at compile time; this fixes at least one case where an option's help text listed a possible value that does not exist, and another case where an option's help text omitted a valid possible value

@dmurdoch

# downlit 0.4.4 * Use simpler parsing algorithm for R 4.0, which avoids crash with certain UTF-8 characters (#189). # downlit 0.4.3 * Fix for upcoming R-devel (#169). # downlit 0.4.2 * `highlight()` no longer errors if a package imputed to have been attached isn't installed. * Correctly link `requireNamespace(MASS)` (#151). # downlit 0.4.1 ## Syntax highlighting * Supports new base pipe `|>` syntax (#126). * Every line get its own `<span>` to match pandoc (#122). * Multi-line tokens (e.g. strings) now get a `<span>` per line (#139). * Very long strings or other tokens are no longer truncated (@dmurdoch, #128). ## Auto-linkg * Function calls (in inline and code blocks) will no longer to non-function topics (#135). * Re-exports detection no longer relies on name of `.Rd` file (#134). * Link to correct topic with `::()` and `utils::help()` (@IndrajeetPatil, #131). * Generate correct link for Bioconductor vignettes (@zeehio, #145)

@hedsnz

# profvis 0.4.0 * profvis now requires R 4.0.0. The bundled version of jQuery has been upgraded to 3.7.1 (@hedsnz, #139) and the bundled `highlight.js` has been updated to the 11.10.0 (#140). It no longer longer requires purrr or stringr, and no longer suggests ggplot2, devtools, knitr, or rmarkdown. * `provis()` uses a new technique for trimming uninteresting frames from the stack (#130). This requires a new evaluation model where the code you supply to `profvis()` is turned into the body of a zero-argument anonymous function that is then called by profvis. This subtly changes the semantics of evaluation, but the primary effect is that if you create variables inside of the profiled code they will no longer be available outside of it. * `profvis()` now uses elapsed time where possible (#72). * `profvis()` now uses doubles instead of integers (#114). * The CSS for profvis code is scoped so that it does not affect other blocks of code, such as those from RMarkdown or Quarto (@wch, #140). profvis 0.3.8 ============================= * `print()` gains an `aggregate` argument. Use `print(profvis(f()), aggregate = TRUE)` to aggregate frames by name in the flamegraph. This makes it easier to see the big picture (#115). Set the `profvis.aggregate` global option to `TRUE` to change the default. * For C function declarations that take no parameters, added `void` parameter.

Convert to wheel.mk. Passes self tests. Upstream NEWS content: nbxmpp 4.4.0 (22 Oct 2023) New * Add DiscoInfo.has_identity() * JID: Add JID.from_iri() Improvements * JID: Improve compliance when generating IRIs Change * Chatstates: Accept chatstates with delay tag nbxmpp 4.3.3 (28 Aug 2023) Improvements * JID: Allow comparisons against any object * DiscoInfo: Improve discovery if subject is allowed to be modified Bug Fixes * Don’t expect localpart for bare JIDs nbxmpp 4.3.2 (04 Jul 2023) New * SecurityLabels: Add get_label_hash() * JID: Add sqlite3 adapter magic method * MessageProperties: Add origin_id attribute * MessageProperties: Add remote_jid attribute Improvements * Client: Return only copy of ignored errors * CommonError: Add 'by' attribute * Moderation: Parse more data Bug Fixes * HTTP: Add set_accept_certificate() nbxmpp 4.3.1 (28 May 2023) Bug Fixes * HTTP: Abort correctly on content overflow * Websocket: Always set peer certificate nbxmpp 4.3.0 (21 May 2023) New * Add option to force http1 * Add method to generate XMPP IRIs Improvements * Lower log level for missing GSSAPI dependency Change * OMEMO: Add device id and namespace to OMEMOBundle Bug Fixes * Don’t delete session object in cleanup() * HTTP: Don’t accept content encoding (#143) nbxmpp 4.2.2 (25 Mar 2023) Bug Fixes * HTTP: Reset attributes on redirect (#141) nbxmpp 4.2.1 (18 Mar 2023) Bug Fixes * HTTP: Make sure streams are closed only once (#139) nbxmpp 4.2.0 (05 Feb 2023) New * Add support for XEP-0461: Message Replies Improvements * Add SASLprep profile Change * Require PyGObject 3.42.0 nbxmpp 4.1.0 (24 Jan 2023) Change * Port package to pyproject.toml Bug Fixes * Handle race condition when cancelling request (#136) nbxmpp 4.0.1 (10 Jan 2023) Bug Fixes * HTTP: Parse uri with correct flags nbxmpp 4.0.0 (06 Jan 2023) New * Add message reactions (XEP-0444) support * Add HTTP module Change * Raise required python version to 3.10 * Remove example client * Port to libsoup3 * XEP-0392: Update to 0.8.0 nbxmpp 3.2.5 (26 Oct 2022) New * Add support for XEP-0421 Bug Fixes * MUC: Check correctly for muc subject * Client: Don’t override modified certification errors nbxmpp 3.2.4 (05 Oct 2022) Improvements * Tasks: Track timeouts within the task Bug Fixes * MUC: Relax definition of MUC config change nbxmpp 3.2.3 (28 Sep 2022) Bug Fixes * TCP: Improve detection of broken connection nbxmpp 3.2.2 (13 Sep 2022) New * Expose TLS version and ciphersuite * Add stringprep implementation Change * Add packaging as dependency * Use stringprep instead of precis for JID validation Bug Fixes * Add missing __init__.py to examples Notes * You can set the env variable NBXMPP_USE_PRECIS to revert back to the old behavior. nbxmpp 3.2.1 (29 Aug 2022) Bug Fixes * Prepare domain names with UTS46 nbxmpp 3.2.0 (28 Aug 2022) New * Add support for Extensible SASL Profile (XEP-0388) Bug Fixes * Set timeout for host-meta http query (#130) nbxmpp 3.1.1 (27 Jul 2022) Improvements * Add more datetime test cases Performance * Use cache when calling JID.new_as_bare() Bug Fixes * Allow handlers to connect to presence type available nbxmpp 3.1.0 (28 May 2022) New * Examples: Allow to connect with different modes Bug Fixes * Client: Disconnect after stream restart in Login mode nbxmpp 3.0.2 (18 May 2022) Bug Fixes * Roster: Raise exception if a full jid is found * AdHoc: Don’t raise on empty nodes * Roster: Don’t fail when no roster attribute is found * #126 Remove redundant wheel dependency nbxmpp 3.0.1 (09 May 2022) Bugfix * Fix non-installable release nbxmpp 3.0.0 (09 May 2022) New * Add Roster module * Add Last Activity module * Add EntityTime module * Bookmarks: Add extensions support * Add Message Moderation * Implement SCRAM-SHA-512 Bugfixes * AdHoc: Improve XEP-0050 Compliance * Correctly handle RSM count request * Correction: Ignore messages where message id == replace id * Blocking: Don’t abort processing after parsing unblocks * Handle multiple stanza-id elements Others * Many breaking changes to methods and structs

@mame

pkgsrc change: remove restriction to Ruby's version. 1.0.3 (2025-02-26) What's Changed * Bump step-security/harden-runner from 2.10.1 to 2.10.2 by @dependabot in #136 * Bump rubygems/release-gem from 612653d273a73bdae1df8453e090060bb4db5f31 to 9e85cb11501bebc2ae661c1500176316d3987059 by @dependabot in #137 * Prevent a warning: URI::REGEXP is obsolete by @mame in #138 * Revisit deprecated test by @hsbt in #139 * Suppress deprecate warning of test class (retry) by @mame in #140 * Fix README by @hsbt in #142 * Bump rubygems/release-gem from 1.1.0 to 1.1.1 by @dependabot in #143 * Bump step-security/harden-runner from 2.10.2 to 2.10.3 by @dependabot in #144 * Bump step-security/harden-runner from 2.10.3 to 2.10.4 by @dependabot in #145 * Make documentation 100% by @nobu in #147 * Bump step-security/harden-runner from 2.10.4 to 2.11.0 by @dependabot in #153 * Remove userinfo by @hsbt in #154 New Contributors * @mame made their first contribution in #138

Release 2.7.1 Thu March 27 2025 Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}" with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives Release 2.7.0 Thu March 13 2025 Security fixes: #893 #973 CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ("<e>&g1;</e>") - general entities in attribute values ("<e k1='&g1;'/>") - parameter entities ("%p1;") Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. Other changes: #935 #937 Autotools: Make generated CMake files look for libexpat.@SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do Infrastructure: #926 tests: Increase robustness #927 #932 .. #930 #933 tests: Increase test coverage #617 #950 .. #951 #952 .. #954 #955 .. Fuzzing: Add new fuzzer "xml_lpm_fuzzer" based on #961 Google's libprotobuf-mutator ("LPM") #957 Fuzzing|CI: Start producing fuzzing code coverage reports #936 CI: Pass -q -q for LCOV >=2.1 in coverage.sh #942 CI: Small fuzzing related improvements #139 #203 .. #791 #946 CI: Make GitHub Actions build using MSVC on Windows and produce 32bit and 64bit Windows binaries #956 CI: Get off of about-to-be-removed Ubuntu 20.04 #960 #964 CI: Start uploading to Coverity Scan for static analysis #972 CI: Stop loading DTD from the internet to address flaky CI #971 CI: Adapt to breaking changes in Cppcheck

## Changes in version 0.14.1 **Released on March 29th, 2025.** * Issue #263: fix release tarball by relying on `make dist`. * Document ATF to Kyua mappings for metadata properties. * Support `require.diskspace` ATF metadata property. * Support backwards compatible `unprivileged_user` metadata property for ease of use dealing with ATF vs Kyua. * Fix building from source by tracking `utils/process/Kyuafile.in` and `engine/execenv/execenv_fwd.hpp` with automake. ## Changes in version 0.14 **Released on December 31st, 2024.** * Replace `--with-atf` with `--enable-atf`. The latter must be specified to enable ATF support and the Kyua tests by proxy. * Require newer versions of ATF (0.21) and Lutok (0.5). This is being done as part of a multi-phase deprecation of pre-C++11 environments. * Vendor the ATF m4 files from the freebsd/atf repo. * Translate `is_exclusive` metadata to its ATF counterpart. * Issue #236: fix accidental test forkbomb in specific user environments with `integration` tests by avoiding infinite recursion calling kyua. * Fix the build on Ubuntu 24.04. - execenv support added. This FreeBSD-specific feature allows tests to be executed in jails. * Issue #169: Remove deprecated `readdir_r` use. * Fix build issue on more recent versions of MacOS. * Fix build issue on IllumOS. * Fix issues with PID reuse in testcases. * Escape characters captured from stderr and stdout in HTML output. * `integration/cmd_report_test:verbose`: fix regular expression used in tests which would break in certain user environments. * Add Cirrus CI support for testing Kyua on FreeBSD. * Remove `UTILS_UNUSED_PARAM` macro. * Fix document rendering with newer versions of doxygen. * Issue #152: explicitly require C++11 language features when compiling Kyua. Remove `std::shared_ptr` compatibility header, `utils/shared_ptr.hpp`. * Fix `igor` and `mandoc -Tlint` reported issues with generated manpages. * Issue #167: fix typos in kyua(1) manpage. ## Changes in version 0.13 **Released on August 26th, 2016.** * Fixed execution of test cases as an unprivileged user, at least under NetBSD 7.0. Kyua-level failures were probably a regression introduced in Kyua 0.12, but the underlying may have existed for much longer: test cases might have previously failed for mysterious reasons when running under an unprivileged user. * Issue #134: Fixed metadata test broken on 32-bit platforms. * Issue #139: Added per-test case start/end timestamps to all reports. * Issue #156: Fixed crashes due to the invalid handling of cleanup routine data and triggered by the reuse of PIDs in long-running Kyua instances. * Issue #159: Fixed TAP parser to ignore case while matching `TODO` and `SKIP` directives, and to also recognize `Skipped`. * Fixed potential crash due to a race condition in the unprogramming of timers to control test deadlines. ## Changes in version 0.12 **Released on November 22nd, 2015.** This is a huge release and marks a major milestone for Kyua as it finally implements a long-standing feature request: the ability to execute test cases in parallel. This is a big deal because test cases are rarely CPU-bound: running them in parallel yields much faster execution times for large test suites, allowing faster iteration of changes during development. As an example: the FreeBSD test suite as of this date contains 3285 test cases. With sequential execution, a full test suite run takes around 12 minutes to complete, whereas on a 4-core machine with a high level of parallelism it takes a little over 1 minute. Implementing parallel execution required rewriting most of Kyua's core and partly explains explains why there has not been a new release for over a year. The current implementation is purely subprocess-based, which works but has some limitations and has resulted in a core that is really complex and difficult to understand. Future versions will investigate the use of threads instead for a simplified programming model and additional parallelization possibilities. * Issue #2: Implemented support to execute test cases in parallel when invoking `kyua test`. Parallel execution is *only* enabled when the new `parallelism` configuration variable is set to a value greater than `1`. The default behavior is still to run tests sequentially because some test suites contain test cases with side-effects that might fail when run in parallel. To resolve this, the new metadata property `is_exclusive` can be set to `true` on a test basis to indicate that the test must be run on its own. * Known regression: Running `kyua debug` on a TAP-based test program does not currently report the output in real time. The output will only be displayed once the test program completes. This is a shortcoming of the new parallel execution engine and will be resolved. * Removed the external C-based testers code in favor of the new built-in implementations. The new approach feels significantly faster than the previous one. * Fixed the handling of relative paths in the `fs.*` functions available in `Kyuafile`s. All paths are now resolved relative to the location of the caller `Kyuafile`. `Kyuafile.top` has been updated with these changes and you should update custom copies of this file with the new version. * Changed temporary directory creation to always grant search permissions on temporary directories. This is to prevent potential problems when running Kyua as root and executing test cases that require dropping privileges (as they may later be unable to use absolute paths that point inside their work directory). * The cleanup of work directories does not longer attempt to deal with mount points. If a test case mounts a file system and forgets to unmount it, the mount point will be left behind. It is now the responsibility of the test case to clean after itself. The reasons for this change are simplicity and clarity: there are many more things that a test case can do that have side-effects on the system and Kyua cannot protect against them all, so it is better to just have the test undo anything it might have done. * Improved `kyua report --verbose` to properly handle environment variables with continuation lines in them, and fixed the integration tests for this command to avoid false negatives. * Changed the configuration file format to accept the definition of unknown variables without declaring them local. The syntax version number remains at 2. This is to allow configuration files for newer Kyua versions to work on older Kyua versions, as there is no reason to forbid this. * Fixed stacktrace gathering with FreeBSD's ancient version of GDB. GDB 6.1.1 (circa 2004) does not have the `-ex` flag so we need to generate a temporary GDB script and feed it to GDB with `-x` instead. * Issue #136: Fixed the XML escaping in the JUnit output so that non-printable characters are properly handled when they appear in the process's stdout or stderr. * Issue #141: Improved reporting of errors triggered by sqlite3. In particular, all error messages are now tagged with their corresponding database filename and, if they are API-level errors, the name of the sqlite3 function that caused them. * Issue #144: Improved documentation on the support for custom properties in the test metadata. * Converted the `INSTALL`, `NEWS`, and `README` distribution documents to Markdown for better formatting online. ## Changes in version 0.11 **Released on October 23rd, 2014.** * Added support to print the details of all test cases (metadata and their output) to `report`. This is via a new `--verbose` flag which replaces the previous `--show-context`. * Added support to specify the amount of physical disk space required by a test case. This is in the form of a new `required_disk_space` metadata property, which can also be provided by ATF test cases as `require.diskspace`. * Assimilated the contents of all the `kyua-*-tester(1)` and `kyua-*-interface(7)` manual pages into more relevant places. In particular, added more details on test program registration and their metadata to `kyuafile(5)`, and added `kyua-test-isolation(7)` describing the isolation features of the test execution. * Assimilated the contents of all auxiliary manual pages, including `kyua-build-root(7)`, `kyua-results-files(7)`, `kyua-test-filters(7)` and `kyua-test-isolation(7)`, into the relevant command-specific manual pages. This is for easier discoverability of relevant information when reading how specific Kyua commands work. * Issue #30: Plumbed through support to query configuration variables from ATF's test case heads. This resolves the confusing situation where test cases could only do this from their body and cleanup routines. * Issue #49: Extended `report` to support test case filters as command-line arguments. Combined with `--verbose`, this allows inspecting the details of a test case failure after execution. * Issue #55: Deprecated support for specifying `test_suite` overrides on a test program basis. This idiom should not be used but support for it remains in place. * Issue #72: Added caching support to the `getcwd(3)` test in configure so that the result can be overriden for cross-compilation purposes. * Issue #83: Changed manual page headings to include a `kyua` prefix in their name. This prevents some possible confusion when displaying, for example, the `kyua-test` manual page with a plain name of `test`. * Issue #84: Started passing test-suite configuration variables to plain and TAP test programs via the environment. The name of the environment variables set this way is prefixed by `TEST_ENV_`, so a configuration variable of the form `test_suites.some_name.allow_unsafe_ops=yes` in `kyua.conf` becomes `TEST_ENV_allow_unsafe_ops=YES` in the environment. * Issues #97 and #116: Fixed the build on Illumos. * Issue #102: Set `TMPDIR` to the test case's work directory when running the test case. If the test case happens to use the `mktemp(3)` family of functions (due to misunderstandings on how Kyua works or due to the reuse of legacy test code), we don't want it to easily escape the automanaged work directory. * Issue #103: Started being more liberal in the parsing of TAP test results by treating the number in `ok` and `not ok` lines as optional. * Issue #105: Started using tmpfs instead of md as a temporary file system for tests in FreeBSD so that we do not leak `md(4)` devices. * Issue #109: Changed the privilege dropping code to start properly dropping group privileges when `unprivileged_user` is set. Also fixes `testers/run_test:fork_wait__unprivileged_group`. * Issue #110: Changed `help` to display version information and clarified the purpose of the `about` command in its documentation. * Issue #111: Fixed crash when defining a test program in a `Kyuafile` that has not yet specified the test suite name. * Issue #114: Improved the `kyuafile(5)` manual page by clarifying the restrictions of the `include()` directive and by adding abundant examples. ## Changes in version 0.10 **Experimental version released on August 14th, 2014.** * Merged `kyua-cli` and `kyua-testers` into a single `kyua` package. * Dropped the `kyua-atf-compat` package. * Issue #100: Do not try to drop privileges to `unprivileged_user` when we are already running as an unprivileged user. Doing so is not possible and thus causes spurious test failures when the current user is not root and the current user and `unprivileged_user` do not match. * Issue #79: Mention `kyua.conf(5)` in the *See also* section of `kyua(1)`. * Issue #75: Change the `rewrite__expected_signal__bad_arg` test in `testers/atf_result_test` to use a different signal value. This is to prevent triggering a core dump that made the test fail in some platforms. ## Changes in kyua-cli version 0.9 **Experimental version released on August 8th, 2014.** Major changes: The internal architecture of Kyua to record the results of test suite runs has completely changed in this release. Kyua no longer stores all the different test suite run results as different "actions" within the single `store.db` database. Instead, Kyua now generates a separate results file inside `~/.kyua/store/` for every test suite run. Due to the complexity involved in the migration process and the little need for it, this is probably going to be the only release where the `db-migrate` command is able to convert an old `store.db` file to the new scheme. Changes in more detail: * Added the `report-junit` command to generate JUnit XML result files. The output has been verified to work within Jenkins. * Switched to results files specific to their corresponding test suite run. The unified `store.db` file is now gone: `kyua test` creates a new results file for every invocation under `~/.kyua/store/` and the `kyua report*` commands are able to locate the latest file for a corresponding test suite automatically. * The `db-migrate` command takes an old `store.db` file and generates one results file for every previously-recorded action, later deleting the `store.db` file. * The `--action` flag has been removed from all commands that accepted it. This has been superseded by the tests results files. * The `--store` flag that many commands took has been renamed to `--results-file` in line with the semantical changes. * The `db-exec` command no longer creates an empty database when none is found. This command is now intended to run only over existing files. ## Changes in kyua-testers version 0.3 **Experimental version released on August 8th, 2014.** * Made the testers set a "sanitized" value for the `HOME` environment variable where, for example, consecutive and trailing slashes have been cleared. Mac OS X has a tendency to append a trailing slash to the value of `TMPDIR`, which can cause third-party tests to fail if they compare `${HOME}` with `$(pwd)`. * Issues #85, #86, #90 and #92: Made the TAP parser more complete: mark test cases reported as `TODO` or `SKIP` as passed; handle skip plans; ignore lines that look like `ok` and `not ok` but aren't results; and handle test programs that report a pass but exit with a non-zero code. ## Changes in kyua-cli version 0.8 **Experimental version released on December 7th, 2013.** * Added support for Lutok 0.4. * Issue #24: Plug the bootstrap tests back into the test suite. Fixes in `kyua-testers` 0.2 to isolate test cases into their own sessions should allow these to run fine. * Issue #74: Changed the `kyuafile(5)` parser to automatically discover existing tester interfaces. The various `*_test_program()` functions will now exist (or not) based on tester availability, which simplifies the addition of new testers or the selective installation of them. ## Changes in kyua-testers version 0.2 **Experimental version released on December 7th, 2013.** * Issue #74: Added the `kyua-tap-tester`, a new backend to interact with test programs that comply with the Test Anything Protocol. * Issue #69: Cope with the lack of `AM_PROG_AR` in `configure.ac`, which first appeared in Automake 1.11.2. Fixes a problem in Ubuntu 10.04 LTS, which appears stuck in 1.11.1. * Issue #24: Improve test case isolation by confining the tests to their own session instead of just to their own process group. ## Changes in kyua-cli version 0.7 **Experimental version released on October 18th, 2013.** * Made failures from testers more resilent. If a tester fails, the corresponding test case will be marked as broken instead of causing kyua to exit. * Added the `--results-filter` option to the `report-html` command and set its default value to skip passed results from HTML reports. This is to keep these reports more succint and to avoid generating tons of detail files that will be, in general, useless. * Switched to use Lutok 0.3 to gain compatibility with Lua 5.2. * Issue #69: Cope with the lack of `AM_PROG_AR` in `configure.ac`, which first appeared in Automake 1.11.2. Fixes a problem in Ubuntu 10.04 LTS, which appears stuck in 1.11.1. ## Changes in kyua-cli version 0.6 **Experimental version released on February 22nd, 2013.** * Issue #36: Changed `kyua help` to not fail when the configuration file is bogus. Help should always work. * Issue #37: Simplified the `syntax()` calls in configuration and `Kyuafile` files to only specify the requested version instead of also the format name. The format name is implied by the file being loaded, so there is no use in the caller having to specify it. The version number of these file formats has been bumped to 2. * Issue #39: Added per-test-case metadata values to the HTML reports. * Issue #40: Rewrote the documentation as manual pages and removed the previous GNU Info document. * Issue #47: Started using the independent testers in the `kyua-testers` package to run the test cases. Kyua does not implement the logic to invoke test cases any more, which provides for better modularity, extensibility and robustness. * Issue #57: Added support to specify arbitrary metadata properties for test programs right from the `Kyuafile`. This is to make plain test programs more versatile, by allowing them to specify any of the requirements (allowed architectures, required files, etc.) supported by Kyua. * Reduced automatic screen line wrapping of messages to the `help` command and the output of tables by `db-exec`. Wrapping any other messages (specially anything going to stderr) was very annoying because it prevented natural copy/pasting of text. * Increased the granularity of the error codes returned by `kyua(1)` to denote different error conditions. This avoids the overload of `1` to indicate both "expected" errors from specific subcommands and unexpected errors caused by the internals of the code. The manual now correctly explain how the exit codes behave on a command basis. * Optimized the database schema to make report generation almost instantaneous. * Bumped the database schema to 2. The database now records the metadata of both test programs and test cases generically, without knowledge of their interface. * Added the `db-migrate` command to provide a mechanism to upgrade a database with an old schema to the current schema. * Removed the GDB build-time configuration variable. This is now part of the `kyua-testers` package. * Issue #31: Rewrote the `Kyuafile` parsing code in C++, which results in a much simpler implementation. As a side-effect, this gets rid of the external Lua files required by `kyua`, which in turn make the tool self-contained. * Added caching of various configure test results (particularly in those tests that need to execute a test program) so that cross-compilers can predefine the results of the tests without having to run the executables. ## Changes in kyua-testers version 0.1 **Experimental version released on February 19th, 2013.** This is the first public release of the `kyua-testers` package. The goal of this first release is to adopt all the test case execution code of `kyua-cli` 0.5 and ship it as a collection of independent tester binaries. The `kyua-cli` package will rely on these binaries to run the tests, which provides better modularity and simplicity to the architecture of Kyua. The code in this package is all C as opposed to the current C++ codebase of `kyua-cli`, which means that the overall build times of Kyua are now reduced. ## Changes in kyua-cli version 0.5 **Experimental version released on July 10th, 2012.** * Issue #15: Added automatic stacktrace gathering of crashing test cases. This relies on GDB and is a best-effort operation. * Issue #32: Added the `--build-root` option to the debug, list and test commands. This allows executing test programs from a different directory than where the `Kyuafile` scripts live. See the *Build roots* section in the manual for more details. * Issue #33: Removed the `kyuaify.sh` script. This has been renamed to atf2kyua and moved to the `kyua-atf-compat` module, where it ships as a first-class utility (with a manual page and tests). * Issue #34: Changed the HTML reports to include the stdout and stderr of every test case. * Fixed the build when using a "build directory" and a clean source tree from the repository. ## Changes in kyua-cli version 0.4 **Experimental version released on June 6th, 2012.** * Added the `report-html` command to generate HTML reports of the execution of any recorded action. * Changed the `--output` flag of the `report` command to only take a path to the target file, not its format. Different formats are better supported by implementing different subcommands, as the options they may receive will vary from format to format. * Added a `--with-atf` flag to the configure script to control whether the ATF tests get built or not. May be useful for packaging systems that do not have ATF in them yet. Disabling ATF also cuts down the build time of Kyua significantly, but with the obvious drawbacks. * Grouped `kyua` subcommands by topic both in the output of `help` and in the documentation. In general, the user needs to be aware of commands that rely on a current project and those commands that rely purely on the database to generate reports. * Made `help` print the descriptions of options and commands properly tabulated. * Changed most informational messages to automatically wrap on screen boundaries. * Rewrote the configuration file parsing module for extensibility. This will allow future versions of Kyua to provide additional user-facing options in the configuration file. No syntax changes have been made, so existing configuration files (version 1) will continue to be parsed without problems. There is one little exception though: all variables under the top-level `test_suites` tree must be declared as strings. Similarly, the `-v` and `--variable` flags to the command line must now carry a `test_suites.` prefix when referencing any variables under such tree. ## Changes in kyua-cli version 0.3 **Experimental version released on February 24th, 2012.** * Made the `test` command record the results of the executed test cases into a SQLite database. As a side effect, `test` now supports a `--store` option to indicate where the database lives. * Added the `report` command to generate plain-text reports of the test results stored in the database. The interface of this command is certainly subject to change at this point. * Added the `db-exec` command to directly interact with the store database. * Issue #28: Added support for the `require.memory` test case property introduced in ATF 0.15. * Renamed the user-specific configuration file from `~/.kyuarc` to `~/.kyua/kyua.conf` for consistency with other files stored in the `~/.kyua/` subdirectory. * Switched to use Lutok instead of our own wrappers over the Lua C library. Lutok is just what used to be our own utils::lua module, but is now distributed separately. * Removed the `Atffile`s from the source tree. Kyua is stable enough to generate trustworthy reports, and we do not want to give the impression that atf-run / atf-report are still supported. * Enabled logging to stderr for our own test programs. This makes it slightly easier to debug problems in our own code when we get a failing test. ## Changes in kyua-cli version 0.2 **Experimental version released on August 24th, 2011.** The biggest change in this release is the ability for Kyua to run test programs implemented using different frameworks. What this means is that, now, a Kyua test suite can include not only ATF-based test programs, but also "legacy" (aka plain) test programs that do not use any framework. I.e. if you have tests that are simple programs that exit with 0 on success and 1 on failure, you can plug them in into a Kyua test suite. Other than this, there have been several user-visible changes. The most important are the addition of the new `config` and `debug` subcommands to the `kyua` binary. The former can be used to inspect the runtime configuration of Kyua after parsing, and the latter is useful to interact with failing tests cases in order to get more data about the failure itself. Without further ado, here comes the itemized list of changes: * Generalized the run-time engine to support executing test programs that implement different interfaces. Test programs that use the ATF libraries are just a special case of this. (Issue #18.) * Added support to the engine to run `plain` test programs: i.e. test programs that do not use any framework and report their pass/fail status as an exit code. This is to simplify the integration of legacy test programs into a test suite, and also to demonstrate that the run-time engine is generic enough to support different test interfaces. (Issue #18.) * Added the `debug` subcommand. This command allows end users to tweak the execution of a specific test case and to poke into the behavior of its execution. At the moment, all this command allows is to view the stdout and stderr of the command in real time (which the `test` command currently completely hides). * Added the `config` subcommand. This command allows the end user to inspect the current configuration variables after evaluation, without having to read through configuration files. (Issue #11.) * Removed the `test_suites_var` function from configuration files. This was used to set the value of test-suite-sepecific variables, but it was ugly-looking. It is now possible to use the more natural syntax `test_suites.<test-suite-name>.<variable> = <value>`. (Issue #11.) * Added a mechanism to disable the loading of configuration files altogether. Needed for testing purposes and for scriptability. Available by passing the `--config=none` flag. * Enabled detection of unused parameters and variables in the code and fixed all warnings. (Issue #23.) * Changed the behavior of "developer mode". Compiler warnings are now enabled unconditionally regardless of whether we are in developer mode or not; developer mode is now only used to perform strict warning checks and to enable assertions. Additionally, developer mode is now only automatically enabled when building from the repository, not for formal releases. (Issue #22.) * Fixed many build and portability problems to Debian sid with GCC 4.6.3 and Ubuntu 10.04.1 LTS. (Issues #20, #21, #26.) ## Changes in kyua-cli version 0.1 **Experimental version released on June 23rd, 2011.** This is the first public release of the `kyua-cli` package. The scope of this release is to provide functional replacement for the `atf-run` utility included in the atf package. At this point, `kyua` can reliably run the NetBSD 5.99.53 test suite delivering the same results as `atf-run`. The reporting facilities of this release are quite limited. There is no replacement for `atf-report` yet, and there is no easy way of debugging failing test programs other than running them by hand. These features will mark future milestones and therefore be part of other releases. Be aware that this release has suffered very limited field testing. The test suite for `kyua-cli` is quite comprehensive, but some bugs may be left in any place.

textproc/expat: security fix Revisions pulled up: - textproc/expat/Makefile 1.59 - textproc/expat/distinfo 1.53 - textproc/expat/patches/patch-cmake_autotools_expat-noconfig____macos.cmake.in deleted --- Module Name: pkgsrc Committed By: wiz Date: Sun Mar 30 07:48:15 UTC 2025 Modified Files: pkgsrc/textproc/expat: Makefile distinfo Removed Files: pkgsrc/textproc/expat/patches: patch-cmake_autotools_expat-noconfig____macos.cmake.in Log Message: expat: update to 2.7.1. Release 2.7.1 Thu March 27 2025 Bug fixes: #980 #989 Restore event pointer behavior from Expat 2.6.4 (that the fix to CVE-2024-8176 changed in 2.7.0); affected API functions are: - XML_GetCurrentByteCount - XML_GetCurrentByteIndex - XML_GetCurrentColumnNumber - XML_GetCurrentLineNumber - XML_GetInputContext Other changes: #976 #977 Autotools: Integrate files "fuzz/xml_lpm_fuzzer.{cpp,proto}" with Automake that were missing from 2.7.0 release tarballs #983 #984 Fix printf format specifiers for 32bit Emscripten #992 docs: Promote OpenSSF Best Practices self-certification #978 tests/benchmark: Resolve mistaken double close #986 Address compiler warnings #990 #993 Version info bumped from 11:1:10 (libexpat*.so.1.10.1) to 11:2:10 (libexpat*.so.1.10.2); see https://verbump.de/ for what these numbers do Infrastructure: #982 CI: Start running Perl XML::Parser integration tests #987 CI: Enforce Clang Static Analyzer clean code #991 CI: Re-enable warning clang-analyzer-valist.Uninitialized for clang-tidy #981 CI: Cover compilation with musl #983 #984 CI: Cover compilation with 32bit Emscripten #976 #977 CI: Protect against fuzzer files missing from future release archives Release 2.7.0 Thu March 13 2025 Security fixes: #893 #973 CVE-2024-8176 -- Fix crash from chaining a large number of entities caused by stack overflow by resolving use of recursion, for all three uses of entities: - general entities in character data ("<e>&g1;</e>") - general entities in attribute values ("<e k1='&g1;'/>") - parameter entities ("%p1;") Known impact is (reliable and easy) denial of service: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:O/RC:C (Base Score: 7.5, Temporal Score: 7.2) Please note that a layer of compression around XML can significantly reduce the minimum attack payload size. Other changes: #935 #937 Autotools: Make generated CMake files look for libexpat.@SO_MAJOR@.dylib on macOS #925 Autotools: Sync CMake templates with CMake 3.29 #945 #962 #966 CMake: Drop support for CMake <3.13 #942 CMake: Small fuzzing related improvements #921 docs: Add missing documentation of error code XML_ERROR_NOT_STARTED that was introduced with 2.6.4 #941 docs: Document need for C++11 compiler for use from C++ #959 tests/benchmark: Fix a (harmless) TOCTTOU #944 Windows: Fix installer target location of file xmlwf.xml for CMake #953 Windows: Address warning -Wunknown-warning-option about -Wno-pedantic-ms-format from LLVM MinGW #971 Address Cppcheck warnings #969 #970 Mass-migrate links from http:// to https:// #947 #958 .. #974 #975 Document changes since the previous release #974 #975 Version info bumped from 11:0:10 (libexpat*.so.1.10.0) to 11:1:10 (libexpat*.so.1.10.1); see https://verbump.de/ for what these numbers do Infrastructure: #926 tests: Increase robustness #927 #932 .. #930 #933 tests: Increase test coverage #617 #950 .. #951 #952 .. #954 #955 .. Fuzzing: Add new fuzzer "xml_lpm_fuzzer" based on #961 Google's libprotobuf-mutator ("LPM") #957 Fuzzing|CI: Start producing fuzzing code coverage reports #936 CI: Pass -q -q for LCOV >=2.1 in coverage.sh #942 CI: Small fuzzing related improvements #139 #203 .. #791 #946 CI: Make GitHub Actions build using MSVC on Windows and produce 32bit and 64bit Windows binaries #956 CI: Get off of about-to-be-removed Ubuntu 20.04 #960 #964 CI: Start uploading to Coverity Scan for static analysis #972 CI: Stop loading DTD from the internet to address flaky CI #971 CI: Adapt to breaking changes in Cppcheck

What's Changed Update usage instructions and fix module path #139 Table rendering fix in #141

@Etto48

v1.12.1 What's Changed - Fixed misuse of entry_point parameter in localization by @Etto48 in #147 - Added Turkish translation by @orhun, @arda-guler in #139 - Reviewed Spanish translation by @chocolatemilq in #146 - Reviewed French translation by @Pallandos in #148 v1.12.0 What's Changed - Add zh-CN translation and generate zh-HK and zh-TW translations via O… by @Meow0x7E in #136 - Feature/i18n by @Etto48 in #137

security/xhash: Bump to v3.3.3, go122 and latest dependencies

df29595

ricardobranco777 force-pushed the xhash_go122 branch from 42c2adb to df29595 Compare May 19, 2024 13:37

ricardobranco777 changed the title ~~security/xhash: Bump to v3.3.3, go122 and latest dependencies~~ security/xhash: Bump to v3.3.3 and latest dependencies May 19, 2024

ricardobranco777 closed this Jun 1, 2024

ricardobranco777 deleted the xhash_go122 branch June 1, 2024 07:07

netbsd-srcmastr pushed a commit that referenced this pull request Apr 26, 2025

textproc/go-md2man: update to 2.0.7

498c643

What's Changed Update usage instructions and fix module path #139 Table rendering fix in #141

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

security/xhash: Bump to v3.3.3 and latest dependencies #139

security/xhash: Bump to v3.3.3 and latest dependencies #139

Uh oh!

ricardobranco777 commented May 19, 2024 •

edited

Loading

Uh oh!

Uh oh!

security/xhash: Bump to v3.3.3 and latest dependencies #139

security/xhash: Bump to v3.3.3 and latest dependencies #139

Uh oh!

Conversation

ricardobranco777 commented May 19, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

ricardobranco777 commented May 19, 2024 •

edited

Loading