| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* If the URI contains "user:pass@" part, use it for Basic Authorization
* Add a test harness.
* Don't leak a socket when getHostAddr throws an exception.
* Send cookies in request format, not response format.
* Moved BrowserAction to be a StateT IO, with instances for
Applicative, MonadIO, MonadState.
* Add method to control size of connection pool.
* Consider both host and port when reusing connections.
* Handle response code 304 "not modified" properly.
* Fix digest authentication by fixing md5 output string rep.
* Make the default user agent string follow the package version.
* Document lack of HTTPS support and fail when clients try
to use it instead of silently falling back to HTTP.
* Add helper to set the request type and body.
|
|
This version of grafana has a vendored copy of xerrors which uses some
calls that were removed later in the Go 1.13 development process.
|
|
Changelog picked from https://github.com/nifty-site-manager/nsm/releases:
Nift (aka nsm) v1.25
* changed the way @ is escaped and removed most escape characters
(too likely to conflict in other places)
* added @ent syntax to template language
* added @\@, @\<, @\\ escaping syntax to template language
* improved reading parameters
* changed how strings/variables are done in preparation for more
types (to come, type defs and function defs)
* now allow multiple string definitions in the one definition
* improved syntax for inputting tracked file and project/site
information, now basically hard-coded constants
* fixed bug with delDir, which fixed bugs with clone etc.
* removed website specific terminology (lots of changes)
* added Nift command backup-scripts (option)
* changed one of the Nift config commands to info-config
* added Nift command info-tracking
* check if new content path etc. exist with new-cont-ext etc.
* check whether content file already exists when moving/copying
* make sure all tracks/untracks/rms will be successful before
any of them are done
|
|
Changes with nginx 1.17.7
*) Bugfix: a segmentation fault might occur on start or during
reconfiguration if the "rewrite" directive with an empty replacement
string was used in the configuration.
*) Bugfix: a segmentation fault might occur in a worker process if the
"break" directive was used with the "alias" directive or with the
"proxy_pass" directive with a URI.
*) Bugfix: the "Location" response header line might contain garbage if
the request URI was rewritten to the one containing a null character.
*) Bugfix: requests with bodies were handled incorrectly when returning
redirections with the "error_page" directive; the bug had appeared in
0.7.12.
*) Bugfix: socket leak when using HTTP/2.
*) Bugfix: a timeout might occur while handling pipelined requests in an
SSL connection; the bug had appeared in 1.17.5.
*) Bugfix: in the ngx_http_dav_module.
|
|
|
|
Changelog:
Version 17.0.2 December 20 2019
Changes
Actually return the quote when getting global storage info (server#17851)
Also set X-OC-Mtime header for files that are smaller than 10MB (server#17858)
FIX: horizontal scrolling on mobile due to tab accessibility navigation 'skip to content' positioned at a fixed position (server#17883)
Fix reshare with circle (server#17916)
Bump icewind/searchdav (server#17919)
Make timeout a optional parameter (server#17925)
Check quota before transfer ownership (server#17928)
Re-acquired expired shared locks on large file uploads (server#17945)
Pass through ServerNotAvailableException on app init (server#17952)
Do not check for updates if we have no internet (server#18036)
Convert more columns to bigint (server#18040)
Fix installing with MySQL 8.0.4+ (server#18043)
Uid can be false when the user record does not exit (server#18047)
Update the CRL (server#18050)
Make chunksize (used to check for gone LDAP users) configurable (server#18054)
Remove objectstore credentials (server#18075)
Incorrect integer value: '' for column 'password_invalid' while migra… (server#18100)
Trim the login name (server#18156)
Delay creation of the cert bundle (server#18186)
Handle token insert conflicts (server#18189)
Throw an invalid token exception is token is marked outdated (server#18198)
Backport #18120 (server#18205)
Mark "Talk" active on /call/token URLs (server#18221)
Allow to unfavorite all files (server#18247)
Hide the tooltip if the list row is rerendered (server#18252)
Move overwritehost check to isTrustedDomain (server#18306)
Convert various columns in oc_mounts to bigint (server#18307)
Do not disable authentication apps (server#18332)
Sharee API GS fixes (server#18337)
Handle IPv6 addresses with an explict incoming interface at the end (server#18352)
Adding share type circles (server#18355)
Fix restoring shared versions (server#18358)
Support more IPv6 addresses in the RefreshWebcalJob (server#18366)
Bump the CRL (server#18375)
Allow to detect mimetype by content (server#18386)
Bump serialize-javascript and handlebars (server#18419)
Update icewind/searchdav to 1.0.2 (3rdparty#351)
Is_dir can be null on blacklisted files (activity#407)
Remove debug log (activity#412)
Stable17 Use @nextcloud/axios so the csrf token gets refreshed (notifications#471)
Fix header icon hover & focus feedback (notifications#495)
Fix cutting of multibyte characters (notifications#499)
Do not send push notifications when nothing was deleted (notifications#506)
Version 17.0.1 November 9 2019
Changes
Always use the folder icon depending on the mount type if not a share mount (server#17156)
Fix "create folder" icon overlaying home icon (server#17219)
Fix directory detection for s3 (server#17273)
Fix user with id 0 to be able to comment (server#17274)
Handle moveFromStorage within the same storage even when storage wrap… (server#17277)
Dont delete cache entries if deleting an object from object store failed (server#17281)
Correctly detect the mimetype from uploads (server#17295)
Add (hidden) option to configure smb timeout (server#17298)
Position fixed for .toastify.toast (server#17300)
Fix fetching additional search results on scrolling down (server#17305)
Bring the default font size up to 15px (server#17309)
Use handlebars from node_modules (on CI) (server#17348)
Reduce adressbook change events and handling (server#17351)
Fix typo in "which" (server#17358)
Fix updating and deleting authtokens (server#17415)
Allow removing federated shares of locally reshared files (server#17418)
Fix oauth client redirect (server#17438)
Don't call basename on null (server#17444)
Fix axios csrf token update event (server#17453)
Use @nextcloud/axios to keep the CSRF token in sync (server#17455)
Kill ui-regression ci job (server#17457)
Force hide tooltips on sidebar close (server#17493)
Only cache the mimetype if the file exists (server#17538)
Set the proper filename for version downloads (server#17541)
Load additional scripts on help page (server#17578)
Let SCSS cleanup only run once (server#17579)
Pass on direct query parameter during login (server#17581)
Added documentation links on settings pages (server#17589)
Include the share in the Files_Sharing::loadAdditionalScripts event (server#17597)
Treat LDAP error 50 as auth issue, prevents lost server connection errors (server#17617)
Hide strange Everyone and Disabled group numbers with LDAP (server#17621)
Fix browser back button (server#17638)
Fix filename overlapping on mobile (server#17676)
Harden middleware check (server#17681)
Fix jsConfigHelper lang/locale mixup (server#17686)
Fix weird KDE bug with loginflowv2 (server#17688)
Make sure limit is never negative (server#17716)
Fix DAV mimetype search (server#17731)
Return null from migration to match with typehint (server#17742)
Do not show 'Get your own free account' on services under subscription (server#17748)
Fix action menu on mobile (server#17766)
Bring back external storage group select delete (server#17767)
Switch to Files Node API for zip generation (server#17840)
Use correct route to generate (nextcloud_announcements#56)
Name of the collector is `Php`. (survey_client#98)
Update version on master (viewer#232)
Bump eslint-plugin-node from 9.2.0 to 10.0.0 (viewer#235)
Bump @babel/core from 7.5.5 to 7.6.0 (viewer#236)
Bump @babel/preset-env from 7.5.5 to 7.6.0 (viewer#237)
Bump webpack-cli from 3.3.7 to 3.3.8 (viewer#238)
Bump webpack from 4.39.3 to 4.40.1 (viewer#242)
Bump webpack from 4.40.1 to 4.40.2 (viewer#245)
Bump webpack-cli from 3.3.8 to 3.3.9 (viewer#250)
Bump eslint-config-nextcloud from 0.0.5 to 0.0.6 (viewer#258)
Bump url-loader from 2.1.0 to 2.2.0 (viewer#259)
|
|
* Sync with www/firefox68-68.3.0
|
|
* Sync with www/firefox60-60.9.0
|
|
* Fix build with rust-1.39.0
Changelog:
#CVE-2019-11746: Use-after-free while manipulating video
#CVE-2019-11744: XSS by breaking out of title and textarea elements using innerHTML
#CVE-2019-11742: Same-origin policy violation with SVG filters and canvas to steal cross-origin images
#CVE-2019-11753: Privilege escalation with Mozilla Maintenance Service in custom Firefox installation location
#CVE-2019-11752: Use-after-free while extracting a key value in IndexedDB
#CVE-2019-9812: Sandbox escape through Firefox Sync
#CVE-2019-11743: Cross-origin access to unload event attributes
#CVE-2019-11740: Memory safety bugs fixed in Firefox 69, Firefox ESR 68.1, and Firefox ESR 60.9
|
|
Accept ruby25 and ruby26 but not ruby24 any more.
|
|
Relax dependency to sprockets-rails.
Bump PKGREVISION.
|
|
recurse to reverse dependencies.
|
|
|
|
it.
|
|
|
|
|
|
firefox68 tries to use pkg-build-options to find out if gtk3 was (or
will be) built with wayland, as that affects the PLIST. The current
code works for some and causes failures for others, including failures
of thunderbird. pkg-build-options insists on only being called from
bl3, but the use in Makefile (to manage PLIST changes) seems sensible.
This commit removes the use of pkg-build-options, resolving the build
issues on netbsd-8, and adds a default-off wayland option to firefox68
that merely adjusts the PLIST, so that people building firefox68 with
a wayland-enabled gtk3 have an easier time.
I don't believe that any default-option binary packages will change,
so no PKGREVISION++.
A proper fix is deferred until after the branch. This could involve
allowing pkg-build-options to be used in Makefile* instead of only
bl3, or adding wayland detection and setting some variable to gtk3's
bl3.
As discussed on pkgsrc-users and offlist with nia@.
|
|
The buffer package specifies a canonical import path, but elsewhere in
the code of the package, it is imported with a different path (containing
/v2/). This has been broken since Go 1.12.
|
|
|
|
|
|
|
|
|
|
|
|
Django 2.2.9 fixes a security issue and a data loss bug in 2.2.8.
CVE-2019-19844: Potential account hijack via password reset form
By submitting a suitably crafted email address making use of Unicode characters, that compared equal to an existing user email when lower-cased for comparison, an attacker could be sent a password reset token for the matched account.
In order to avoid this vulnerability, password reset requests now compare the submitted email using the stricter, recommended algorithm for case-insensitive comparison of two identifiers from Unicode Technical Report 36, section 2.11.2(B)(2). Upon a match, the email containing the reset token will be sent to the email address on record rather than the submitted address.
Bugfixes
* Fixed a data loss possibility in SplitArrayField. When using with ArrayField(BooleanField()), all values after the first True value were marked as checked instead of preserving passed values
|
|
Django 1.11.27 fixes a security issue and a data loss bug in 1.11.26.
CVE-2019-19844: Potential account hijack via password reset form
By submitting a suitably crafted email address making use of Unicode characters, that compared equal to an existing user email when lower-cased for comparison, an attacker could be sent a password reset token for the matched account.
In order to avoid this vulnerability, password reset requests now compare the submitted email using the stricter, recommended algorithm for case-insensitive comparison of two identifiers from Unicode Technical Report 36, section 2.11.2(B)(2). Upon a match, the email containing the reset token will be sent to the email address on record rather than the submitted address.
Bugfixes
* Fixed a data loss possibility in SplitArrayField. When using with ArrayField(BooleanField()), all values after the first True value were marked as checked instead of preserving passed values
|
|
Update durpal8 to 8.7.11, security release.
8.7.11 (2019-12-18)
Release notes
Maintenance and security release of the Drupal 8 series.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the notes below and the security announcement.
|
|
Update drupal7 to 7.69, security release.
7.69 (2019-12-18)
Release notes
Maintenance and security release of the Drupal 7 series.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the notes below and the security announcement.
|
|
|
|
|
|
|
|
(No `c' compiler is needed to build this module.)
|
|
|
|
This module allows you to get the public suffix, as well as the
registrable domain, of a domain name using the Public Suffix List from
http://publicsuffix.org
|
|
a patch caused crashes, use suggestions by upstream that makes it more portable
|
|
## 4.3.1 and 3.12.2 / 2019-12-05
* Security
* Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. CVE-2019-16770.
## 4.3.0 / 2019-11-07
* Features
* Strip whitespace at end of HTTP headers (#2010)
* Optimize HTTP parser for JRuby (#2012)
* Add SSL support for the control app and cli (#2046, #2052)
* Bugfixes
* Fix Errno::EINVAL when SSL is enabled and browser rejects cert (#1564)
* Fix pumactl defaulting puma to development if an environment was not specified (#2035)
* Fix closing file stream when reading pid from pidfile (#2048)
* Fix a typo in configuration option `--extra_runtime_dependencies` (#2050)
## 4.2.1 / 2019-10-07
* 3 bugfixes
* Fix socket activation of systemd (pre-existing) unix binder files (#1842, #1988)
* Deal with multiple calls to bind correctly (#1986, #1994, #2006)
* Accepts symbols for `verify_mode` (#1222)
## 4.2.0 / 2019-09-23
* 6 features
* Pumactl has a new -e environment option and reads `config/puma/<environment>.rb` config files (#1885)
* Semicolons are now allowed in URL paths (MRI only), useful for Angular or Redmine (#1934)
* Allow extra dependencies to be defined when using prune_bundler (#1105)
* Puma now reports the correct port when binding to port 0, also reports other listeners when binding to localhost (#1786)
* Sending SIGINFO to any Puma worker now prints currently active threads and their backtraces (#1320)
* Puma threads all now have their name set on Ruby 2.3+ (#1968)
* 4 bugfixes
* Fix some misbehavior with phased restart and externally SIGTERMed workers (#1908, #1952)
* Fix socket closing on error (#1941)
* Removed unnecessary SIGINT trap for JRuby that caused some race conditions (#1961)
* Fix socket files being left around after process stopped (#1970)
* Absolutely thousands of lines of test improvements and fixes thanks to @MSP-Greg
## 4.1.1 / 2019-09-05
* 3 bugfixes
* Revert our attempt to not dup STDOUT/STDERR (#1946)
* Fix socket close on error (#1941)
* Fix workers not shutting down correctly (#1908)
## 4.1.0 / 2019-08-08
* 4 features
* Add REQUEST_PATH on parse error message (#1831)
* You can now easily add custom log formatters with the `log_formatter` config option (#1816)
* Puma.stats now provides process start times (#1844)
* Add support for disabling TLSv1.1 (#1836)
* 7 bugfixes
* Fix issue where Puma was creating zombie process entries (#1887)
* Fix bugs with line-endings and chunked encoding (#1812)
* RACK_URL_SCHEME is now set correctly in all conditions (#1491)
* We no longer mutate global STDOUT/STDERR, particularly the sync setting (#1837)
* SSL read_nonblock no longer blocks (#1857)
* Swallow connection errors when sending early hints (#1822)
* Backtrace no longer dumped when invalid pumactl commands are run (#1863)
* 5 other
* Avoid casting worker_timeout twice (#1838)
* Removed a call to private that wasn't doing anything (#1882)
* README, Rakefile, docs and test cleanups (#1848, #1847, #1846, #1853, #1859, #1850, #1866, #1870, #1872, #1833, #1888)
* Puma.io has proper documentation now (https://puma.io/puma/)
* Added the Contributor Covenant CoC
* 1 known issue
* Some users are still experiencing issues surrounding socket activation and Unix sockets (#1842)
## 4.0.1 / 2019-07-11
* 2 bugfixes
* Fix socket removed after reload - should fix problems with systemd socket activation. (#1829)
* Add extconf tests for DTLS_method & TLS_server_method, use in minissl.rb. Should fix "undefined symbol: DTLS_method" when compiling against old OpenSSL versions. (#1832)
* Removed unnecessary RUBY_VERSION checks. (#1827)
## 4.0.0 / 2019-06-25
9 features
* Add support for disabling TLSv1.0 (#1562)
* Request body read time metric (#1569)
* Add out_of_band hook (#1648)
* Re-implement (native) IOBuffer for JRuby (#1691)
* Min worker timeout (#1716)
* Add option to suppress SignalException on SIGTERM (#1690)
* Allow mutual TLS CA to be set using `ssl_bind` DSL (#1689)
* Reactor now uses nio4r instead of `select` (#1728)
9 x bugfixes
* Do not accept new requests on shutdown (#1685, #1808)
* Fix 3 corner cases when request body is chunked (#1508)
* Change pid existence check's condition branches (#1650)
* Don't call .stop on a server that doesn't exist (#1655)
* Implemented NID_X9_62_prime256v1 (P-256) curve over P-521 (#1671)
* Fix @notify.close can't modify frozen IOError (RuntimeError) (#1583)
* Fix Java 8 support (#1773)
* Fix error `uninitialized constant Puma::Cluster` (#1731)
* Fix `not_token` being able to be set to true (#1803)
## 3.12.1 / 2019-01-08
* 1 features
* Internal strings are frozen (#1649)
* 3 bugfixes
* Fix chunked ending check (#1607)
* Rack handler should use provided default host (#1700)
* Better support for detecting runtimes that support `fork` (#1630)
|
|
Update php-ja-wordpress from 4.5.3 to 5.3.1.
This release contains these security fixes.
* Props to Daniel Bachhuber for finding an issue where an unprivileged
user could make a post sticky via the REST API.
* Props to Simon Scannell of RIPS Technologies for finding and
disclosing an issue where cross-site scripting (XSS) could be stored
in well-crafted links.
* Props to the WordPress.org Security Team for hardening
wp_kses_bad_protocol() to ensure that it is aware of the named colon
attribute.
* Props to Nguyen The Duc for discovering a stored XSS vulnerability
using block editor content.
For more detail about version 5.3.1, please refer
<https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/>
And changes from 4.5.3 to 5.3.0, please refer HOMEPAGE and
<https://wordpress.org/>.
|
|
Drop php71 support mechanically.
|
|
Changelog:
Sun 15 Dec 2019 02:12:02 PM CET
Fix send() call (affects Mac OS X). #5977 -CG/fbrault
Releasing libmicrohttpd 0.9.69. -CG
Fri 29 Nov 2019 11:22:25 PM CET
If application suspends a connection before we could send 100 CONTINUE,
give application another shot at queuing a reply before the upload begins. -CG
|
|
1.1.3:
- URL-friendly parameter encoding
- Updating dependency reference for Python 3 compatibility
- Include database views in list of tables
- Fix unicode issue when generating migration with py2 or py3
- Do not use "message" attribute on exception
- Update EXPLORER_SCHEMA_EXCLUDE_TABLE_PREFIXES
- Minor Changes
- release checklist included in repo
- readme updated with new screenshots
- python dependencies/optional-dependencies updated to latest
- six, xlsxwriter, factory-boy, sqlparse
|
|
Version 2.2:
Added DjangoFilterBackend.get_schema_operation_parameters() for DRF 3.10+ OpenAPI schema generation.
Added lookup_expr to MultipleChoiceFilter
Dropped support for EOL Python 3.4
|
|
Django REST framework 3.11
The 3.11 release adds support for Django 3.0.
Our supported Python versions are now: 3.5, 3.6, 3.7, and 3.8.
Our supported Django versions are now: 1.11, 2.0, 2.1, 2.2, and 3.0.
This release will be the last to support Python 3.5 or Django 1.11.
* OpenAPI Schema Generation Improvements
* Validator / Default Context
|
|
3.2.0:
Converted setuptools metadata to configuration file. This meant removing the __version__ attribute from the package. If you want to inspect the installed version, use importlib.metadata.version("django-cors-headers") (docs / backport).
Support Python 3.8.
|
|
Now PHP 7 and later are supported.
Changes are too many to write here, please refer readme.txt in detail.
|
|
typo3_62 package only supports php56.
|
|
Explicitly specify supporting versions of PHP.
|
|
Contao 3.5 dose not support PHP 7.4.
|
|
Update php-apcu_bc to 1.0.5.
o pkgsrc change: allow build on php74.
1.0.5 (2019-02-20)
- fix skipif.inc path in test suite
- remove APCU version from phpinfo
- remove Build date from phpinfo
1.0.4 (2018-02-10)
- promote as stable (no change)
|
|
Update php-apcu to 5.1.18.
o pkgsrc change: allow build with php74.
5.1.18 (2019-10-28)
- Implement apcu_inc() and apcu_dec() using atomic operations. This means
that these functions no longer have to acquire a write lock. These
functions will now wraparound on overflow, instead of saturating to a
floating point value.
- Make table header in apc.php sticky.
- Fix compile warnings related to mktemp() usage.
- Fix compatibility with PHP 8.0.
- Fix required number of arguments for apcu_store() returned by Reflection.
|
|
Bump PKGREVISION by change of default Ruby version from 2.4.x to 2.6.x.
These packages are depends on Ruby in some ways.
|
|
Similar commit done upstream too.
|
