| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Django 3.1.4 fixes several bugs in 3.1.3.
Bugfixes
Fixed setting the Content-Length HTTP header in AsyncRequestFactory.
Fixed passing extra HTTP headers to AsyncRequestFactory request methods.
Fixed crash of key transforms for JSONField on PostgreSQL when using on a Subquery() annotation.
Fixed a regression in Django 3.1 that caused a crash of auto-reloader for certain invocations of runserver on Windows with Python 3.7 and below.
Fixed a regression in Django 3.1 that caused the incorrect grouping by a Q object annotation.
Fixed a regression in Django 3.1 that caused suppressing connection errors when JSONField is used on SQLite.
Fixed a crash on SQLite, when QuerySet.values()/values_list() contained key transforms for JSONField returning non-string primitive values
|
|
v1.9.6 for CVE-2019-16278 and CVE-2019-16279 which were later
integrated by the nostromo author in version v1.9.7.
A while later, the author also released v1.9.8 and then re-released
it as v1.9.9 containing the security patches (including one more to
catch a potential buffer overflow in libmy, part of nostromo).
This update obviates the need for pkgsrc patches as they are included
in v1.9.9 now.
No functional changes to nostromo between v1.9.6 and v.1.9.9.
|
|
|
|
|
|
Changelog:
* nginx modules:
*) Feature: introduced global "ngx" object.
The following methods were added:
ngx.log(level, msg)
The following properties were added:
ngx.INFO,
ngx.WARN,
ngx.ERR.
*) Feature: added support for Buffer object where string
is expected.
*) Feature: added Buffer version of existing properties.
The following properties were added:
r.requestBuffer (r.requestBody),
r.responseBuffer (r.responseBody),
r.rawVariables (r.variables),
s.rawVariables (s.variables).
The following events were added in stream module:
upstream (upload),
downstream (download).
*) Improvement: added aliases to existing properties.
The following properties were added:
r.requestText (r.requestBody),
r.responseText (r.responseBody).
*) Improvement: throwing an exception in r.internalRedirect()
for a subrequest.
*) Bugfix: fixed promise r.subrequest() with error_page redirect.
*) Bugfix: fixed promise events handling.
* Core:
*) Feature: added TypeScript definitions for built-in
modules.
Thanks to Jakub Jirutka.
*) Feature: tracking unhandled promise rejection.
*) Feature: added initial iterator support.
Thanks to Artem S. Povalyukhin.
*) Improvement: TypeScript definitions are refactored.
Thanks to Jakub Jirutka.
*) Improvement: added forgotten support for
Object.prototype.valueOf() in Buffer.from().
*) Bugfix: fixed heap-use-after-free in JSON.parse().
*) Bugfix: fixed heap-use-after-free in JSON.stringify().
*) Bugfix: fixed JSON.stringify() for arrays resizable via
getters.
*) Bugfix: fixed heap-buffer-overflow for
RegExp.prototype[Symbol.replace].
*) Bugfix: fixed returned value for Buffer.prototype.write*
functions.
*) Bugfix: fixed querystring.stringify().
Thanks to Artem S. Povalyukhin.
*) Bugfix: fixed the catch handler for
Promise.prototype.finally().
*) Bugfix: fixed querystring.parse().
|
|
|
|
add options for other SSL libraries later. Add 'libdbi' option to enable
mod_vhostdb_dbi and the new mod_authn_dbi module, off by default. Bump
PKGREVISION.
|
|
2.7.1:
* Add support for Django 3.1
|
|
# Highlights
- HTTP/2 support
- must be enabled in lighttpd.conf in lighttpd 1.4.56;
may be enabled by default in a future release
- `server.feature-flags += ("server.h2proto" => "enable", "server.h2c" => "enable")`
- TLS library options: OpenSSL, mbedTLS, wolfSSL, GnuTLS, NSS
- mod_openssl (existing)
- mod_mbedtls (experimental)
- mod_wolfssl (experimental)
- mod_gnutls (experimental)
- mod_nss (experimental)
- TLS OCSP stapling
(except mbedTLS; not currently supported by mbedTLS)
- TLS session ticket key rotation control
(except NSS; API limitation in NSS)
- mod_deflate brotli support
- mod_proxy makes HTTP/1.1 requests to backends (change from HTTP/1.0)
- RFC 8297 support for 103 Early Hints produced by backends (scripts)
- graceful restart option to transfer listen fds (minimal pause)
- `server.systemd-socket-activation = "enable"`
- `server.feature-flags += ("server.graceful-restart-bg" => "enable", "server.graceful-shutdown-timeout" => "15")`
# Behavior Changes
- mod_openssl
- default MinProtocol TLSv1.2
TLSv1 and TLSv1.1 are deprecated and no longer supported by major browsers.
<https://news.netcraft.com/archives/2020/03/03/browsers-on-track-to-block-850000-tls-1-0-sites.html>
If prior behavior is required, configure:
`ssl.openssl.ssl-conf-cmd = ("MinProtocol" => "TLSv1")`
If using openssl <= 1.0.2 (end-of-life)
`ssl.openssl.ssl-conf-cmd = ("Protocol" => "-ALL, TLSv1, TLSv1.1, TLSv1.2")`
- (internal) TLS session cache is disabled by default,
replaced by lighttpd robust TLSv1.2 session ticket support
If backward compatibility is needed:
`server.feature-flags += ("ssl.session-cache" => "enable")`
- (internal) openssl creates a session ticket encryption key per SSL_CTX.
lighttpd 1.4.56 and later assigns a single session ticket encryption key
for the lighttpd server (across all SSL_CTX) for consistency.
- behavior change with ssl.ca-dn-file (uncommon); applies to client
certificate verification and ssl.ca-dn-file (uncommon)
If client certificate verification is enabled
(ssl.verifyclient.activate = "enable"),
all CAs used for client certificate verification must be present in
ssl.ca-file. This is the typical use case when client certificate
verification is enabled. Certificates in (optional) ssl.ca-dn-file
are used to send issuer names to client when the server sends a
client certificate request. These names are use by the client
during certificate selection, and the server requires that the
certificate sent by the client be issued by one of the subjects
in ssl.ca-dn-file.
(Prior behavior merged ssl.ca-file and ssl.ca-dn-file for trusted CAs.
New behavior requires all trusted CAs be listed in ssl.ca-file,
and a subset be duplicated into ssl.ca-dn-file to specify allowed
client cert issuer.)
- mod_deflate: support for bzip2 is now disabled by default in the build
- (enable using `./configure --with-bzip2`)
bzip2 Content-Encoding is not widely supported
Prefer to build `--with-brotli`
brotli Content-Encoding is more widely supported than bzip2
# Future Scheduled Behavior Changes
- HTTP/2 support will be enabled by default in a future release
- graceful restart/shutdown default timeout will change from
0 (infinite/no timeout) to 5 seconds (or some similar non-zero period)
configure an alternative with:
`server.feature-flags += ("server.graceful-shutdown-timeout" => 5)`
- mod_compress is DEPRECATED; use mod_deflate
mod_compress has been subsumed by mod_deflate
Note: mod_compress config options may be removed in a future release
- mod_geoip is DEPRECATED; use mod_maxminddb
Note: mod_geoip will be removed from a future lighttpd release
- mod_authn_mysql is DEPRECATED; use mod_authn_dbi
Note: mod_authn_mysql will be removed from a future lighttpd release
- mod_mysql_vhost is DEPRECATED; use mod_vhostdb_dbi or mod_vhostdb_mysql
Note: mod_mysql_vhost will be removed from a future lighttpd release
- mod_cml is DEPRECATED; use mod_magnet
Note: mod_cml will be removed from a future lighttpd release
|
|
Changelog:
Changes
Inidicate preview availability in share api responses (server#23419)
CalDavBackend: check if timerange is array before accessing (server#23563)
Some emojis are in CHAR_CATEGORY_GENERAL_OTHER_TYPES (server#23575)
Also expire share type email (server#23583)
Only use index of mount point when it is there (server#23611)
Only retry fetching app store data once every 5 minutes in case it fails (server#23633)
Bring back the restore share button (server#23636)
Fix updates of NULL appconfig values (server#23641)
Fix sharing input placeholder for emails (server#23646)
Use bigint for fileid in filecache_extended (server#23690)
Enable theming background transparency (server#23699)
Fix sharer flag on ldap:show-remnants when user owned more than a single share (server#23702)
Make sure the function signatures of the backgroundjob match (server#23710)
Check if array elements exist before using them (server#23713)
Fix default quota display value in user row (server#23726)
Use lib instead if core as l10n module in OC_Files (server#23727)
Specify accept argument to avatar upload input field (server#23732)
Save email as lower case (server#23733)
Reset avatar cropper before showing (server#23736)
Also run the SabreAuthInitEvent for the main server (server#23745)
Type the \OCP\IUserManager::callForAllUsers closure with Psalm (server#23749)
Type the \OCP\AppFramework\Services\IInitialState::provideLazyInitial… (server#23751)
Don't overwrite the event if we use it later (server#23753)
Inform the user when flow config data exceeds thresholds (server#23759)
Type the \OCP\IUserManager::callForSeenUsers closure with Psalm (server#23763)
Catch errors when closing file conflict dialog (server#23774)
Document the backend registered events of LDAP (server#23779)
Fetch the logger and system config once for all query builder instances (server#23787)
Type the event dispatcher listener callables with Psalm (server#23789)
Only run phpunit when "php" changed (server#23794)
Remove bold font-weight and lower font-size for empty search box (server#23829)
No need to check if there is an avatar available, because it is gener… (server#23846)
Ensure filepicker list is empty before populating (server#23850)
UserStatus: clear status message if message is null (server#23858)
Fix grid view toggle in tags view (server#23874)
Restrict query when searching for versions of trashbin files (server#23884)
Fix potentially passing null to events where IUser is expected (server#23894)
Make user status styles scoped (server#23899)
Move help to separate stylesheet (server#23900)
Add default font size (server#23902)
Do not emit UserCreatedEvent twice (server#23917)
Bearer must be in the start of the auth header (server#23924)
Fix casting of integer and boolean on Oracle (server#23935)
Skip already loaded apps in loadApps (server#23948)
Fix repair mimetype step to not leave stray cursors (server#23950)
Improve query type detection (server#23951)
Fix iLike() falsely turning escaped % and _ into wildcards (server#23954)
Replace some usages of OC_DB in OC\Share\* with query builder (server#23955)
Use query builder instead of OC_DB in trashbin (server#23971)
Fix greatest/least order for oracle (server#23975)
Fix link share label placeholder not showing (server#23992)
Unlock when promoting to exclusive lock fails (server#23995)
Make sure root storage is valid before checking its size (server#23996)
Use query builder instead of OC_DB in OC\Files\* (server#23998)
Shortcut to avoid file system setup when generating the logo URL (server#24001)
Remove old legacy scripts references (server#24004)
Fix js search in undefined ocs response (server#24012)
Don't leave cursors open (server#24033)
Fix sharing tab state not matching resharing admin settings (server#24044)
Run unit tests against oracle (server#24049)
Use png icons in caldav reminder emails (server#24050)
Manually iterate over calendardata when oracle is used (server#24058)
Make is_user_defined nullable so we can store false on oracle (server#24079)
Fix default internal expiration date enforce (server#24081)
Register new command db:add-missing-primary-keys (server#24106)
Convert the card resource to a string if necessary (server#24114)
Don't throw on SHOW VERSION query (server#24147)
Bump dompurify to 2.2.2 (server#24153)
Set up FS before querying storage info in settings (server#24156)
Fix default internal expiration date (server#24159)
CircleId too short in some request (server#24178)
Revert "circleId too short in some request" (server#24183)
Missing level in ScopedPsrLogger (server#24212)
Fix activity spinner on empty activity (activity#523)
Add OCI github action (activity#528)
Disable download button by default (files_pdfviewer#257)
Feat/dependabot ga/stable20 (firstrunwizard#442)
Fix loading notifications without a message on oracle (notifications#796)
Do not setup appdata in constructor to avoid errors causing the whole instance to stop working (text#1105)
Bump eslint-plugin-standard from 4.0.1 to 4.0.2 (text#1125)
Bump sass-loader from 10.0.1 to 10.0.5 (text#1134)
Bump webpack from 4.44.1 to 4.44.2 (text#1140)
Bump dependencies to version in range (text#1164)
Validate link on click (text#1166)
Add migration to fix oracle issues with the database schema (text#1177)
Bump cypress from 4.12.1 to 5.1.0 (text#1179)
Fix URL escaping of shared files (viewer#681)
Fix component click outside and cleanup structure (viewer#684)
|
|
0.6.3
Added
- Added Polish translation
- Added Japanese translation
|
|
Perhaps this contains a fix for the buffer overflows seen in PR pkg/55809.
Fixes:
o Fix sporadic eol problem with some IIS/W3C logs
o Fix compiler directive syntax error (broke some 64 bit systems)
Changes/Additions:
o Modest speed improvements in hash table code
|
|
Nghttp2 v1.42.0
This release includes security advisory.
lib
The UBSAN errors are now fixed.
nghttp2_map is now backed by tree for storing collisions.
doc
Some clarifications are made for nghttp2_session_send function.
build
The missing cmake/FindSystemd.cmake has been added to the tar distribution.
|
|
1.9.2
* WARNING: This *is* the last version supporting Python 2.
* Confirmed support for Django 3.0.
* Prevented deprecation warnings with Django 3.0.
* Updated Danish and Indonesian translations.
|
|
0.12.2
Fixed
- Properly wrap connect errors on the asyncio backend.
- Fix `ImportError` occurring on Python 3.9 when using the HTTP/1.1 sync client in a multithreaded context.
0.12.1
Added
- Add connect retries.
Fixed
- Tweak detection of dropped connections, resolving an issue with open files limits on Linux.
- Avoid leaking connections when establishing an HTTP tunnel to a proxy has failed.
- Properly wrap OS errors when using `trio`.
|
|
|
|
Submitted by Brian Ewell in joyent/pkgsrc#289, minor changes by myself.
|
|
0.92.5:
Bug fixes
|
|
|
|
Very unrealistic these will be able to build Firefox now.
|
|
Changes with nginx 1.19.5 24 Nov 2020
*) Feature: the -e switch.
*) Feature: the same source files can now be specified in different
modules while building addon modules.
*) Bugfix: SSL shutdown did not work when lingering close was used.
*) Bugfix: "upstream sent frame for closed stream" errors might occur
when working with gRPC backends.
*) Bugfix: in request body filters internal API.
|
|
0.12.3
Fixed
Fix race condition that leads Quart to hang with uvicorn
Use latin1 when decoding X-Forwarded-* headers
Rework IPv6 support
Cancel old keepalive-trigger before setting new one.
|
|
1.26.2
* Fixed an issue where ``wrap_socket`` and ``CERT_REQUIRED`` wouldn't
be imported properly on Python 2.7.8 and earlier
|
|
0.92.1:
Unknown changes
|
|
Changelog:
Merge pull request #72 from ku/output-formatter
Pretty-print formatter
|
|
|
|
|
|
1.12.8
Documentation
add httplib2 authorization to thread_safety
1.12.7
Documentation
Update Webmasters API sample
1.12.6
Documentation
Change error parsing to check for 'message'
Update oauth docs to include snippet to get email address of authenticated user
|
|
From the Changelog:
* pytz is an explicit dependency.
* pytz.gae, used for Google App Engine, is no longer necessary and has been removed.
* Fixed a deprecated werkzeug import.
* Fix issues switching locales in threaded contexts.
|
|
Phalcon is a full stack PHP framework offering low resource consumption and
high performance.
See https://pecl.php.net/package/phalcon
|
|
|
|
Phalcon is a full stack PHP framework offering low resource consumption and
high performance.
See https://pecl.php.net/package/phalcon
|
|
Changes:
2.30.3
======
- Add new build option USE(64KB_PAGE_BLOCK).
- Fix backdrop filters with rounded borders.
- Fix scrolling iframes when async scrolling is enabled.
- Allow applications to handle drag and drop on the web view again.
- Update Outlook user agent quirk.
- Fix the build with video support disabled.
- Fix several crashes and rendering issues.
|
|
3.7.3
=====
Features
--------
- Use Brotli instead of brotlipy
- Made exceptions pickleable. Also changed the repr of some exceptions.
Bugfixes
--------
- Raise a ClientResponseError instead of an AssertionError for a blank
HTTP Reason Phrase.
- Fix ``web_middlewares.normalize_path_middleware`` behavior for patch without slash.
- Fix overshadowing of overlapped sub-applications prefixes.
- Make `BaseConnector.close()` a coroutine and wait until the client closes all connections. Drop deprecated "with Connector():" syntax.
- Reset the ``sock_read`` timeout each time data is received for a ``aiohttp.client`` response.
- Fixed type annotation for add_view method of UrlDispatcher to accept any subclass of View
- Fixed querying the address families from DNS that the current host supports.
- Change return type of MultipartReader.__aiter__() and BodyPartReader.__aiter__() to AsyncIterator.
- Provide x86 Windows wheels.
Improved Documentation
----------------------
- Add documentation for ``aiohttp.web.FileResponse``.
- Removed deprecation warning in tracing example docs
- Fixed wrong "Usage" docstring of ``aiohttp.client.request``.
- Add aiohttp-pydantic to third party libraries
|
|
|
|
Switch to go-modules and tidy up.
There have been 59 releases and nearly 3,000 lines of changelog since 0.55.6,
so apologies, but if you want a changelog you'll need to browse:
https://github.com/gohugoio/hugo/releases
to see what changed as it's impractical to list them here.
|
|
Binary built version of hugo, a static website engine written in Go.
|
|
|
|
Security Vulnerabilities fixed in Firefox ESR 78.5
#CVE-2020-26951: Parsing mismatches could confuse and bypass security
sanitizer for chrome privileged code
#CVE-2020-16012: Variable time processing of cross-origin images during
drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security
UI
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME
type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local
network
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
|
|
Fixes pkgsrc handling of the frontend artefacts, various files were previously
missing, leading to errors in the web interface.
Changes since 1.12.1:
## [1.12.6](https://github.com/go-gitea/gitea/releases/tag/v1.12.6) - 2020-11-11
* SECURITY
* Prevent git operations for inactive users (#13527) (#13537)
* Disallow urlencoded new lines in git protocol paths if there is a port (#13521) (#13525)
* BUGFIXES
* API should only return Json (#13511) (#13564)
* Fix before and since query arguments at API (#13559) (#13560)
* Prevent panic on git blame by limiting lines to 4096 bytes at most (#13470) (#13492)
* Fix link detection in repository description with tailing '_' (#13407) (#13408)
* Remove obsolete change of email on profile page (#13341) (#13348)
* Fix permission check on get Reactions API endpoints (#13344) (#13346)
* Add migrated pulls to pull request task queue (#13331) (#13335)
* API deny wrong pull creation options (#13308) (#13327)
* Fix initial commit page & binary munching problem (#13249) (#13259)
* Fix diff parsing (#13157) (#13136) (#13139)
* Return error 404 not 500 from API if team does not exist (#13118) (#13119)
* Prohibit automatic downgrades (#13108) (#13111)
* Fix GitLab Migration Option AuthToken (#13101)
* GitLab Label Color Normalizer (#12793) (#13100)
* Log the underlying panic in runMigrateTask (#13096) (#13098)
* Fix attachments list in edit comment (#13036) (#13097)
* Fix deadlock when deleting team user (#13093)
* Fix error create comment on outdated file (#13041) (#13042)
* Fix repository create/delete event webhooks (#13008) (#13027)
* Fix internal server error on README in submodule (#13006) (#13016)
## [1.12.5](https://github.com/go-gitea/gitea/releases/tag/v1.12.5) - 2020-10-01
* BUGFIXES
* Allow U2F with default settings for gitea in subpath (#12990) (#13001)
* Prevent empty div when editing comment (#12404) (#12991)
* On mirror update also update address in DB (#12964) (#12967)
* Allow extended config on cron settings (#12939) (#12943)
* Open transaction when adding Avatar email-hash pairs to the DB (#12577) (#12940)
* Fix internal server error from ListUserOrgs API (#12910) (#12915)
* Update only the repository columns that need updating (#12900) (#12912)
* Fix panic when adding long comment (#12892) (#12894)
* Add size limit for content of comment on action ui (#12881) (#12890)
* Convert User expose ID each time (#12855) (#12883)
* Support slashes in release tags (#12864) (#12882)
* Add missing information to CreateRepo API endpoint (#12848) (#12867)
* On Migration respect old DefaultBranch (#12843) (#12858)
* Fix notifications page links (#12838) (#12853)
* Stop cloning unnecessarily on PR update (#12839) (#12852)
* Escape more things that are passed through str2html (#12622) (#12850)
* Remove double escape on labels addition in comments (#12809) (#12810)
* Fix "only mail on mention" bug (#12775) (#12789)
* Fix yet another bug with diff file names (#12771) (#12776)
* RepoInit Respect AlternateDefaultBranch (#12746) (#12751)
* Fix Avatar Resize (resize algo NearestNeighbor -> Bilinear) (#12745) (#12750)
* ENHANCEMENTS
* gitea dump: include version & Check InstallLock (#12760) (#12762)
## [1.12.4](https://github.com/go-gitea/gitea/releases/tag/v1.12.4) - 2020-09-02
* SECURITY
* Escape provider name in oauth2 provider redirect (#12648) (#12650)
* Escape Email on password reset page (#12610) (#12612)
* When reading expired sessions - expire them (#12686) (#12690)
* ENHANCEMENTS
* StaticRootPath configurable at compile time (#12371) (#12652)
* BUGFIXES
* Fix to show an issue that is related to a deleted issue (#12651) (#12692)
* Expire time acknowledged for cache (#12605) (#12611)
* Fix diff path unquoting (#12554) (#12575)
* Improve HTML escaping helper (#12562)
* models: break out of loop (#12386) (#12561)
* Default empty merger list to those with write permissions (#12535) (#12560)
* Skip SSPI authentication attempts for /api/internal (#12556) (#12559)
* Prevent NPE on commenting on lines with invalidated comments (#12549) (#12550)
* Remove hardcoded ES indexername (#12521) (#12526)
* Fix bug preventing transfer to private organization (#12497) (#12501)
* Keys should not verify revoked email addresses (#12486) (#12495)
* Do not add prefix on http/https submodule links (#12477) (#12479)
* Fix ignored login on compare (#12476) (#12478)
* Fix incorrect error logging in Stats indexer and OAuth2 (#12387) (#12422)
* Upgrade google/go-github to v32.1.0 (#12361) (#12390)
* Render emoji's of Commit message on feed-page (#12373)
* Fix handling of diff on unrelated branches when Git 2.28 used (#12370)
## [1.12.3](https://github.com/go-gitea/gitea/releases/tag/v1.12.3) - 2020-07-28
* BUGFIXES
* Don't change creation date when updating Release (#12343) (#12351)
* Show 404 page when release not found (#12328) (#12332)
* Fix emoji detection in certain cases (#12320) (#12327)
* Reduce emoji size (#12317) (#12327)
* Fix double-indirection bug in logging IDs (#12294) (#12308)
* Link to pull list page on sidebar when view pr (#12256) (#12263)
* Extend Notifications API and return pinned notifications by default (#12164) (#12232)
## [1.12.2](https://github.com/go-gitea/gitea/releases/tag/v1.12.2) - 2020-07-11
* BUGFIXES
* When deleting repository decrese user repository count in cache (#11954) (#12188)
* Return full commit message instead of summary in commits API (#12186) (#12187)
* Properly set HEAD when a repo is created with a default branch that is not named 'master' (#12135) (#12182)
* Ensure GPG Subkeys are verified (#12155) (#12168)
* Fix failing to cache last commit with key being to long (#12151) (#12161)
* Multiple small admin dashboard fixes (#12153) (#12156)
* Remove spurious logging of " Delete all repository archives" at startup (#12139) (#12148)
* Fix repository setup instructions when default branch is not named 'master' (#12122) (#12147)
* Move EventSource to SharedWorker (#12095) (#12130)
* Fix ui bug in wiki commit page (#12089) (#12125)
* Fix gitgraph branch continues after merge (#12044) (#12105)
* Set the base url when migrating from Gitlab using access token or username without password (#11852) (#12104)
* Ensure BlameReaders close at end of request (#12102) (#12103)
* Fix panic when adding review comment (#12058)
* ENHANCEMENTS
* Disable dropzone's timeout for file uploads (#12024) (#12032)
|
|
|
|
|
|
* Sync with www/firefox-83.0.
|
|
Changelog:
Version 83.0, first offered to Release channel users on November 17, 2020
New
* Firefox keeps getting faster as a result of significant updates to
SpiderMonkey, our JavaScript engine, you will now experience improved page
load performance by up to 15%, page responsiveness by up to 12%, and
reduced memory usage by up to 8%. We have replaced part of the JavaScript
engine that helps to compile and display websites for you, improving
security and maintainability of the engine at the same time.
* Firefox introduces HTTPS-Only Mode. When enabled, this new mode ensures
that every connection Firefox makes to the web is secure and alerts you
when a secure connection is not available. You can enable it in Firefox
Preferences.
* Pinch zooming will now be supported for our users with Windows touchscreen
devices and touchpads on Mac devices. Firefox users may now use pinch to
zoom on touch-capable devices to zoom in and out of webpages.
* Picture-in-Picture now supports keyboard shortcuts for fast forwarding and
rewinding videos: use the arrow keys to move forward and back 15 seconds,
along with volume controls. For a list of supported commands see Support
Mozilla
* When you are presenting your screen on a video conference in Firefox, you
will see our improved user interface that makes it clearer which devices or
displays are being shared.
* We've improved functionality and design for a number of Firefox search
features:
+ Selecting a search engine at the bottom of the search panel now enters
search mode for that engine, allowing you to see suggestions (if
available) for your search terms. The old behavior (immediately
performing a search) is available with a shift-click.
+ When Firefox autocompletes the URL of one of your search engines, you
can now search with that engine directly in the address bar by
selecting the shortcut in the address bar results.
+ We've added buttons at the bottom of the search panel to allow you to
search your bookmarks, open tabs, and history.
* Firefox supports AcroForm, which will allow you to fill in, print, and save
supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in India on the English build of Firefox will now see Pocket
recommendations in their new tab featuring some of the best stories on the
web. If you don't see them, you can turn on Pocket articles in your new
tab by following these steps.
* For the recently released Apple devices built with Apple Silicon CPUs, you
can use Firefox 83 and future releases without any change. This release
(83) will support emulation under Apple's Rosetta 2 that ships with macOS
Big Sur. We are working toward Firefox being natively-compiled for these
CPUs in a future release.
* This is a major release for WebRender as we roll out to more Firefox users
on Windows 7 and 8 as well as on macOS 10.12 to 10.15.
Fixed
* This release also includes a number of accessibility fixes:
+ Screen reader features which report paragraphs now correctly report
paragraphs instead of lines in Google Docs
+ When reading by word using a screen reader, words are now correctly
reported when there is punctuation nearby
+ The arrow keys now work correctly after tabbing in the
picture-in-picture window
* For users on macOS restoring a session with minimized windows, Firefox now
uses much less power and you should see much longer battery life.
* Various security fixes
Security fixes:
#CVE-2020-26951: Parsing mismatches could confuse and bypass security sanitizer for chrome privileged code
#CVE-2020-26952: Out of memory handling of JITed, inlined functions could lead to a memory corruption
#CVE-2020-16012: Variable time processing of cross-origin images during drawImage calls
#CVE-2020-26953: Fullscreen could be enabled without displaying the security UI
#CVE-2020-26954: Local spoofing of web manifests for arbitrary pages in Firefox for Android
#CVE-2020-26955: Cookies set during file downloads are shared between normal and Private Browsing Mode in Firefox for Android
#CVE-2020-26956: XSS through paste (manual and clipboard API)
#CVE-2020-26957: OneCRL was not working in Firefox for Android
#CVE-2020-26958: Requests intercepted through ServiceWorkers lacked MIME type restrictions
#CVE-2020-26959: Use-after-free in WebRequestService
#CVE-2020-26960: Potential use-after-free in uses of nsTArray
#CVE-2020-15999: Heap buffer overflow in freetype
#CVE-2020-26961: DoH did not filter IPv4 mapped IP Addresses
#CVE-2020-26962: Cross-origin iframes supported login autofill
#CVE-2020-26963: History and Location interfaces could have been used to hang the browser
#CVE-2020-26964: Firefox for Android's Remote Debugging via USB could have been abused by untrusted apps on older versions of Android
#CVE-2020-26965: Software keyboards may have remembered typed passwords
#CVE-2020-26966: Single-word search queries were also broadcast to local network
#CVE-2020-26967: Mutation Observers could break or confuse Firefox Screenshots feature
#CVE-2020-26968: Memory safety bugs fixed in Firefox 83 and Firefox ESR 78.5
#CVE-2020-26969: Memory safety bugs fixed in Firefox 83
|
|
Reported by Riastradh
|
|
1.6.3:
Bugfixes
- No longer loose characters when decoding incorrect percent-sequences (like ``%e2%82%f8``). All non-decodable percent-sequences are now preserved.
- Provide x86 Windows wheels.
|
|
Bump revision.
|
|
|
|
At least on some non-pkgsrc setup it can be accidentally picked up.
Noticed by Dr. Thomas Orgis via tech-pkg@.
|
|
Upstream changelog please visit:
https://docs.moodle.org/dev/Moodle_3.10_release_notes
|
