| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The software Makefiles try to install example configuration files
directly into $(sysconfdir), which is set during the configure
stage to ${PKG_SYSCONFDIR} == ${PREFIX}/etc/siege. However, pkgsrc
standards require that the example configuration files be installed
into ${PREFIX}/share/examples/siege ( ${EGDIR} ).
Pass sysconfdir=${EGDIR} to the bmake(1) process during the install
stage so that the Makefile recipe will install the example files
into the correct location.
Remove the "install" substitution class that was trying to do the
same thing but which fails if ${PKG_SYSCONFBASE} != ${PREFIX}/etc.
Bump the PKGREVISION due to changes in the installed files if the
package is built with default settings. Fix discussed with nils@
in private correspondence.
|
|
Needs c99
|
|
PR pkg/52507: ap24-perl module upgrade breaks Apache HTTPd v2.4
|
|
Security issues:
- $wpdb->prepare() can create unexpected and unsafe queries leading to potential SQL injection (SQLi). WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Slavco.
- A cross-site scripting (XSS) vulnerability was discovered in the oEmbed discovery. Reported by xknown of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in the visual editor. Reported by Rodolfo Assis (@brutelogic) of Sucuri Security.
- A path traversal vulnerability was discovered in the file unzipping code. Reported by Alex Chapman (noxrnet).
- A cross-site scripting (XSS) vulnerability was discovered in the plugin editor. Reported by 陈瑞琦 (Chen Ruiqi).
- An open redirect was discovered on the user and term edit screens. Reported by Yasin Soliman (ysx).
- A path traversal vulnerability was discovered in the customizer. Reported by Weston Ruter of the WordPress Security Team.
- A cross-site scripting (XSS) vulnerability was discovered in template names. Reported by Luka (sikic).
- A cross-site scripting (XSS) vulnerability was discovered in the link modal. Reported by Anas Roubi (qasuar).
And 6 other fixes:
* Emoji
- #41584 - Upgrade Twemoji to 2.5.0
- #41852 - Fix UN flag test by returning the correct value.
*I18N
- #41794 - Support numbers in locales during installation
* Security
- #13377 - Add more sanitization in _cleanup_header_comment
*Widgets
- #41596 - New Text Widget recognizes HTML but does not render it in the front end
- #41622 - Text widget can show DOMDocument::loadHTML() warnings in admin when is_legacy_widget method is called
More on https://codex.wordpress.org/Version_4.8.2
|
|
|
|
Remove unnecessary RUBY_VERSIONS_ACCEPTED since ruby21 removed.
|
|
|
|
See https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
Bump PKGREVISION.
|
|
release announce:
Contao 4.4.5 is available 18.09.2017 10:28 by Leo Feyer
Contao version 4.4.5 is available. The bugfix release fixes several issues
including a problem with the install tool and a problem with SVG images in
Internet Explorer. In addition, the back end theme has been adjusted again
and some of the previous changes have been revised.
|
|
|
|
### 0.7.0 / 2017-09-11
* Add `ping` and `pong` to the set of events users can listen to
|
|
0.12.2 (2017/08/04)
* Fixes race condition issue with rubygems.org
0.12.1 (2017/08/03)
* Fixes support for Oj < 3.3.3 (#163)
* Adds support for parser_options on MultiXML and SafeYAML parsers
0.12.0 (2017/07/28)
* Replace rash with rash_alt (#136)
* Allow write_options to be specified for FaradayMiddleware::Caching (#155)
* Add support for passing options to JSON.parse (#156)
* Parse YAML safely (#157)
* Handle responses with missing Location header (#159)
* Removes support for ruby < 1.9.3 (#162)
|
|
|
|
|
|
1.1.8
* Reverted recent JS fixes for subprotocols on some phones as they do not work
in Chrome.
|
|
1.1.7:
* Fixed compatability with Django 1.10 and below
* JS library: Fixed error with 1006 error code
|
|
17.9.2
new: allow setting correlation URI and anchor flag in WAMP messages from user code
fix: WebSocket proxy connect on Python 3 (unicode vs bytes bug)
|
|
While graphics support for big endian platforms ist still not quite
right, we prefer slightly garbled display (or missing items) over
browser crashes.
|
|
|
|
|
|
|
|
|
|
|
|
## 1.4.1 / 2017-06-21
* Don't ask .empty? until it's a String. (#38)
* rename Liquid 4 `has_key?` to `key?` to add compatibility for liquid 4 (#41)
* Test against Ruby 2.1 to 2.4 (#45)
|
|
3.5.2 (2017/8/18)
* Backport #6281 for v3.5.x: Fix Drop#key? so it can handle a nil argument (#6288)
* Backport #6280 for v3.5.x: Guard against type error in absolute_url (#6287)
* Backport #6266 for v3.5.x: Memoize the return value of Document#url (#6301)
* Backport #6273 for v3.5.x: delegate StaticFile#to_json to StaticFile#to_liquid (#6302)
* Backport #6226 for v3.5.x: Reader#read_directories: guard against an entry not being a directory (#6304)
* Backport #6247 for v3.5.x: kramdown: symbolize keys in-place (#6303)
3.5.1 (2017/7/18)
Minor Enhancements
* Use Warn for deprecation messages (#6192)
* site template: Use plugins key instead of gems (#6045)
Bug Fixes
* Backward compatiblize URLFilters module (#6163)
* Static files contain front matter default keys when to_liquid'd (#6162)
* Always normalize the result of the relative_url filter (#6185)
Documentation
* Update reference to trouble with OS X/macOS (#6139)
* added BibSonomy plugin (#6143)
* add plugins for multiple page pagination (#6055)
* Update minimum Ruby version in installation.md (#6164)
* [docs] Add information about finding a collection in site.collections (#6165)
* Add {%raw%} to Liquid example on site (#6179)
* Added improved Pug plugin - removed 404 Jade plugin (#6174)
* Linking the link (#6210)
* Small correction in documentation for includes (#6193)
* Fix docs site page margin (#6214)
Development Fixes
* Add jekyll doctor to GitHub Issue Template (#6169)
* Test with Ruby 2.4.1-1 on AppVeyor (#6176)
* set minimum requirement for jekyll-feed (#6184)
|
|
pkgsrc change: update HOMEPAGE.
Chantes are too many to write here, please refer:
<https://github.com/SeleniumHQ/selenium/releases>.
|
|
1.6.0 (2017/09/01)
* Rack::PostBodyContentTypeParser: if the middleware is told a POST body is
JSON, but it doesn't parse as JSON, then... it's not really JSON, and the
request is now rejected with a 400 response. Thanks to Yukihiko SAWANOBORI
(@sawanoboly) for the fix.
1.5.0 (2017/07/19)
After an extended hiatus, rack-contrib maintenance is back on track. This
is a tidy-up release, merging things that have sat around for far too long.
* git-version-bump has now been moved to being a development dependency,
thanks to Tobias Haagen Michaelsen.
* Rack::AcceptLocale can be restricted to a set of enforced locales, thanks to
Paco Guzman.
* Rack::NotFound's path argument is now optional, thanks to Ed Morley.
* Rack::BounceFavicon now has a description and tests, thanks to Steven
Wilkin.
* The automated Travis CI suite now tests all supported Ruby versions up to
2.4, which necessitated a few small changes.
|
|
1.7.1 (2017/09/06)
* Documentation fix.
* Fix nil warnings.
* Return current date if the Date header is not parseable.
|
|
### 0.9.1
o Added ssl_version options `TLSv1_1`, `TLSv1_2`, `TLSv1_3` for explicitly
forcing the SSL version
* requires the appropriate versions of libCURL and OpenSSL installed to
support these new options
* reference: https://curl.haxx.se/libcurl/c/CURLOPT_SSLVERSION.html
o Added a new `:http_version` option with `HTTPv1_1` and `HTTPv2_0` values to
explicitly set the HTTP version of HTTP/1.1 or HTTP/2.0
* requires the appropriate versions of libCURL and OpenSSL installed to
support these new options
* reference: https://curl.haxx.se/libcurl/c/CURLOPT_HTTP_VERSION.html
o Updates the gem release procedure for more convenience, using the updated
Rubygems.org tasks
o Update a few minor dependencies and documentation to be Ruby
2.4.1-compatible, add 2.4.1. to Travis CI matrix
o Add `Session#download_byte_limit` for limiting the permitted download size.
This can be very useful in dealing with untrusted download sources, which
might attempt to send very large responses that would overwhelm the
receiving client.
o Add `Patron.libcurl_version_exact` which returns a triplet of major, minor
and patch libCURL version numbers. This can be used for more fine-grained
matching when using some more esoteric Curl features which might not
necessarily be available on libCURL Patron has been linked against.
|
|
**Mustermann 1.0.1** (2017-08-26)
#### Docs
* Updating readme to list Ruby 2.2 as minimum
* Fix rendering of HTML table
* Update summary and description in gemspec file.
#### Fixes
* avoid infinite loop by removing comments when receiving extended regexp
* avoid unintended conflict of namespace
* use Regexp#source instead of Regexp#inspect
|
|
0.13.1 (2017/8/18)
* Fixes an incompatibility with Addressable::URI being used as uri_parser
0.13.0 (2017/8/15)
* Dynamically reloads the proxy when performing a request on an absolute
domain (#701)
* Prefer #hostname over #host. (#714)
* Adapter support for Net::HTTP::Persistent v3.0.0 (#619)
* Fixes an edge-case issue with response headers parsing (missing HTTP header)
(#719)
0.12.2 (2017/07/21)
* Parse headers from aggregated proxy requests/responses (#681)
* Guard against invalid middleware configuration with warning (#685)
* Do not use :insecure option by default in Patron (#691)
* Fixes an issue with HTTPClient not raising a Faraday::ConnectionFailed
(#702)
* Fixes YAML serialization/deserialization for Faraday::Utils::Headers (#690)
* Fixes an issue with Options having a nil value (#694)
* Fixes an issue with Faraday.default_connection not using
Faraday.default_connection_options (#698)
* Fixes an issue with Options.merge! and Faraday instrumentation middleware
(#710)
|
|
Upstream changes:
Here is the full list of fixed issues in 3.3.2.
Highlights
MDL-59492 - Gray out hidden courses in the new course overview block
MDL-57412 - Setting "Always link course sections" should apply consistently in Boost and Clean/More
MDL-58196 - "Require grade to pass" in quiz completion settings must be checked only with "Require grade", otherwise it does not work and causes confusions
MDL-57698 - Bug fix: Backup and restore cause deadlock with sqlsrv driver
Fixes and improvements
MDL-55912 - Assignment: when blind marking is enabled, students should receive teacher participant number in the email and not their own
MDL-54607 - Calendar export should not export events without duration as full-day events, i.e. assignment due dates have time component that was lost during export
MDL-59490 - Bug fix: LTI does not work when activity has a long name
MDL-55937 - Assignment: fixed error when viewing attachments of team submission
MDL-59511, MDL-59746, MDL-59539, MDL-59869 - Multiple fixes in OAuth 2 services (Google, OwnCloud, Nextcloud, etc)
MDL-35290 - My private files should continue working even if some files in filesystem are currently unreadable
MDL-57259 - Fixed bug that caused multiple debugging messages in error.log when teachers use assignment grading
MDL-56646 - Assignment: changing maximum grade of the module could result in negative grades in assignment which were pushed as "0" to the gradebook. This bug was fixed and will not happen in the future. However, according to Moodle policy, no existing grades were changed. Teachers will see the warning that there are erroneous grades and will be able to fix all of them with one click
MDL-54965 - Database module: fixed SQL error when you edit an entry after having added a new picture/file field
MDL-46495 - When uploading courses the setting "Completion tracking" should be set to the site default
MDL-59262 - Courses made via course request or "Upload course" tool should respect default course sections
MDL-59442 - Some third party modules had very big icons in the Default activity completion page
MDL-38129 - Grade export of user profile fields can now work with uppercase letters in the fields names
MDL-59317 - Performance improvements on the messages page
MDL-57246 - Trying to view a forum without the capability may lead you to a broken page.
MDL-59287 - Generate calendar event for "Expected completed on" for all modules.
MDL-55364 - Forum headers alignment on narrow screens
MDL-57649 - Lesson: Fixed bug deleting files unrelated to the pages being deleted
MDL-59195 - Assignments: when switching role to student teacher should be able to view group submissions
MDL-59068 - Lesson: Restore the behaviour of "No, I just want to go on to the next question"
Security issues
A number of security related issues were resolved. Details of these issues will be released after a period of approximately one week to allow system administrators to safely update to the latest version
|
|
author (me)
|
|
|
|
=== raindrops 0.19.0 - Rack 2.x middleware compatibility / 2017-08-09 23:52 UTC
This release fixes Rack 2.x compatibility for the few users of
Raindrops::Middleware
<https://bogomips.org/raindrops/Raindrops/Middleware.html>.
Thanks to Dmytro Shteflyuk for this release.
No need to upgrade unless you use Raindrops::Middleware with
Rack 2.x.
There's also a few minor, inconsequential cleanups.
Dmytro Shteflyuk (1):
Properly override respond_to? in Raindrops::Middleware::Proxy
Eric Wong (2):
Ruby thread compatibility updates
tcp_info: remove unnecessary extconf.h include
|
|
== 1.7.2 Bachmanity
* Add config support for ssl_version and ssl_cipher_list [frameworked]
|
|
Version 1.6.0
* Handles font-size/ line-height shorthand with spaces
|
|
# Version 2.15.1
Release date: 2017-08-04
### Fixed
* `attach_file` with no extension/MIME type when using the `:rack_test` driver
[Thomas Walpole]
# Version 2.15.0
Release date: 2017-08-04
### Added
* `sibling` and `ancestor` finders added [Thomas Walpole]
* Added ability to pass options to registered servers when setting
* Added basic built-in driver registrations `:selenium_chrome` and
`:selenium_chrome_headless` [Thomas Walpole]
* Add `and_then` to Capybara RSpec matchers which behaves like the previous
`and` compounder. [Thomas Walpole]
* Compound RSpec expectations with Capybara matchers now run both matchers
inside a retry loop rather than waiting for one to pass/fail before
checking the second. Will make `#or` more performant and confirm both
conditions are true "simultaneously" for `and`. [Thomas Walpole] If you
still want the
* Default filter values are now included in error descriptions [Thomas Walpole]
* Add `Session#refresh` [Thomas Walpole]
* Loosened restrictions on where `Session#within_window` can be called from
[Thomas Walpole]
* Switched from `mime-types` dependency to `mini_mime` [Jason Frey]
|
|
|
|
|
|
ocaml-lwt 3 and js_of_ocaml 3. These are all in the upstream github, so
should be removed with the next release.
|
|
ocaml-lwt 3. Most of these are already in the upstream github, so should
be removed at the next release.
|
|
new: allow setting correlation ID in WAMP messages from user code
fix: distribute LICENSE file in all distribution formats (using setup.cfg metadata)
|
|
|
|
|
|
Bug Fixes
* Tornado now sets the FD_CLOEXEC flag on all file descriptors it creates. This prevents hanging client connections and resource leaks when the tornado.autoreload module (or Application(debug=True)) is used.
|
|
- Drops support for Django < 1.8
- Fix deprecation warnings for Django 1.11
- Avoid touching the DB on prepare()
|
|
CVE-2017-12794: Possible XSS in traceback section of technical 500 debug page¶
In older versions, HTML autoescaping was disabled in a portion of the template for the technical 500 debug page. Given the right circumstances, this allowed a cross-site scripting attack. This vulnerability shouldn’t affect most production sites since you shouldn’t run with DEBUG = True (which makes this page accessible) in your production settings.
Bugfixes:
Fixed GEOS version parsing if the version has a commit hash at the end (new in GEOS 3.6.2).
Added compatibility for cx_Oracle 6.
Fixed select widget rendering when option values are tuples.
Django 1.11 inadvertently changed the sequence and trigger naming scheme on Oracle. This causes errors on INSERTs for some tables if 'use_returning_into': False is in the OPTIONS part of DATABASES. The pre-1.11 naming scheme is now restored. Unfortunately, it necessarily requires an update to Oracle tables created with Django 1.11.[1-4]. Use the upgrade script in 28451 comment 8 to update sequence and trigger names to use the pre-1.11 naming scheme.
Added POST request support to LogoutView, for equivalence with the function-based logout() view.
Omitted pages_per_range from BrinIndex.deconstruct() if it’s None.
Fixed a regression where SelectDateWidget localized the years in the select box.
Fixed a regression in 1.11.4 where runserver crashed with non-Unicode system encodings on Python 2 + Windows.
Fixed a regression in Django 1.10 where changes to a ManyToManyField weren’t logged in the admin change history and prevented ManyToManyField initial data in model forms from being affected by subsequent model changes.
Fixed non-deterministic results or an AssertionError crash in some queries with multiple joins.
Fixed a regression in contrib.auth’s login() and logout() views where they ignored positional arguments
|
|
Reported by: joerg@
|
|
- Can't convert Cache Result to Cache MISS by
TSHttpTxnCacheLookupStatusSet
- Unit Tests for Issue #1605 AWS Signature Version 4
- Issue #1685: Use TS_MILESTONE_UA_BEGIN for cqt* log fields
- ua_buffer_reader should be released in deallocate_redirect_postdata
- Be less aggressive in calling SSL_shutdown.
- Fixed debug build on Fedora 26 with gcc7
- Prevent HSTS headers from including the terminating null byte.
- Fix origin requests to default to HTTP 1.1
- Rework SSL handshake hooks and add tls_hooks tests.
- For 7.1.x, H2 Assertsion at Http2DependencyTree::deactivate
- Push triggered DNSConnections into an atomic queue to prevent
DNSConnection lost.
- cqtq,cqtn,cqtd,cqtt timestamp blog format to be INT again
- Remove the correct entry from priority queue and insert the new node
into the queue
- Backport PR 2336 to 7.1.x - Add missing checks for request url
- Backport PR 2338 to 7.1.x - Add null pointer check to server response
set status in Lua plugin
- Change from SHA1 to SHA512
- Fedora 26 and gcc7 support for ATS 7.1.1
- Prefer setting AM_CPPFLAGS vs. CPPFLAGS, etc.
- Added more fallthrough comments for Fedora 26 and gcc7 for ICP
- Correctly Handle EVENT_NONE in UnixNetVConnection::acceptEvent
- Out-of-bounds while get port from host field
- AWS auth v4: fixed query param value URI-encoding
- Ticket file reload shouldn't kill traffic_server process
- FD leaks when ep.start() failed or cancelled in acceptEvent or
con.connect() failed
- Cherry pick a set of Catch based commits to 7.1
- Coverity: CID 1380042:Resource leaks (RESOURCE_LEAK)
- fixing memory leak when ATS serves stale records
- S3_auth:uri(En|De)code() pass by ref,not val(master)
|
