path: root/www
Age | Commit message | Author | Files | Lines
2022-09-20 | Pullup ticket #6670 - requested by nia | bsiegert | 4 | -285/+285
www/firefox91: security fix
www/firefox91-l10n: dependent update

Revisions pulled up:
- www/firefox91-l10n/Makefile 1.15
- www/firefox91-l10n/distinfo 1.17
- www/firefox91/Makefile 1.25
- www/firefox91/distinfo 1.17

---
Module Name: pkgsrc
Committed By: nia
Date: Tue Sep 6 15:38:35 UTC 2022

Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo

Log Message:
firefox91: update to 91.13.0

Security Vulnerabilities fixed in Firefox ESR 91.13

#CVE-2022-38472: Address bar spoofing via XSLT error handling
#CVE-2022-38473: Cross-origin XSLT Documents would have inherited the parent's permissions
#CVE-2022-38478: Memory safety bugs fixed in Firefox 104, Firefox ESR 102.2, and Firefox ESR 91.13

2022-08-27 | Pullup ticket #6663 - requested by taca | spz | 3 | -11/+51
www/drupal9: security update

Revisions pulled up:
- www/drupal9/Makefile 1.5
- www/drupal9/PLIST 1.3
- www/drupal9/distinfo 1.3

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 31 14:26:59 UTC 2022

Modified Files:
pkgsrc/www/drupal9: Makefile PLIST distinfo

Log Message:
www/drupal9: update to 9.3.20

9.3.20 (2022-07-28)

This is a patch (bugfix) release of Drupal 9 and is ready for use on production sites. Learn more about Drupal 9.

* Drupal core uses the third-party Diactoros library as its PSR-7 implementation. Diactoros has issued a security advisory:
  * CVE-2022-31109: Diactoros before 2.11.1 vulnerable to HTTP Host Header Attack
  Drupal core is unlikely to be vulnerable. This bugfix release updates the version of Diactoros used in drupal/core-recommended to a secure version as a precaution.

9.3.19 (2022-07-20)

This is a security release of the Drupal 9 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcement:

* Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012
* Drupal core - Moderately critical - Access Bypass - SA-CORE-2022-013
* Drupal core - Critical - Arbitrary PHP code execution - SA-CORE-2022-014
* Drupal core - Moderately critical - Multiple vulnerabilities - SA-CORE-2022-015

No other changes are included.

To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 pkgsrc/www/drupal9/Makefile
cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/drupal9/PLIST pkgsrc/www/drupal9/distinfo

2022-08-27 | Pullup ticket #6662 - requested by taca | spz | 3 | -7/+11
www/drupal7: security update

Revisions pulled up:
- www/drupal7/Makefile 1.77
- www/drupal7/PLIST 1.31
- www/drupal7/distinfo 1.61

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Sun Jul 31 14:23:22 UTC 2022

Modified Files:
pkgsrc/www/drupal7: Makefile PLIST distinfo

Log Message:
www/drupal7: update to 7.91

7.91 (2022-07-20)

Maintenance and security release of the Drupal 7 series.

This release fixes security vulnerabilities. Sites are urged to update immediately after reading the notes below and the security announcement:

* Drupal core - Moderately critical - Information Disclosure - SA-CORE-2022-012

No other changes are included.

To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 pkgsrc/www/drupal7/Makefile
cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/drupal7/PLIST
cvs rdiff -u -r1.60 -r1.61 pkgsrc/www/drupal7/distinfo

2022-07-27 | Pullup ticket #6658 - requested by nia | spz | 4 | -285/+285
www/firefox91: security update
www/firefox91-l10n: dependency update

Revisions pulled up:
- www/firefox91-l10n/Makefile 1.13
- www/firefox91-l10n/distinfo 1.15
- www/firefox91/Makefile 1.22
- www/firefox91/distinfo 1.15

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: nia
Date: Fri Jul 22 08:16:40 UTC 2022

Modified Files:
pkgsrc/www/firefox91: Makefile distinfo
pkgsrc/www/firefox91-l10n: Makefile distinfo

Log Message:
firefox91: update to 91.11.0

Mozilla Foundation Security Advisory 2022-25
Security Vulnerabilities fixed in Firefox ESR 91.11

#CVE-2022-34479: A popup window could be resized in a way to overlay the address bar with web content
#CVE-2022-34470: Use-after-free in nsSHistory
#CVE-2022-34468: CSP sandbox header without `allow-scripts` can be bypassed via retargeted javascript: URI
#CVE-2022-34481: Potential integer overflow in ReplaceElementsAt
#CVE-2022-31744: CSP bypass enabling stylesheet injection
#CVE-2022-34472: Unavailable PAC file resulted in OCSP requests being blocked
#CVE-2022-34478: Microsoft protocols can be attacked if a user accepts a prompt
#CVE-2022-2200: Undesired attributes could be set as part of prototype pollution
#CVE-2022-34484: Memory safety bugs fixed in Firefox 102 and Firefox ESR 91.11

To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 pkgsrc/www/firefox91/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91/distinfo
cvs rdiff -u -r1.12 -r1.13 pkgsrc/www/firefox91-l10n/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/firefox91-l10n/distinfo

2022-07-23 | Pullup ticket #6656 - requested by taca | spz | 4 | -16/+16
databases/ruby-activerecord70: security update
devel/ruby-activejob70: security update
devel/ruby-activemodel70: security update
devel/ruby-activestorage70: security update
devel/ruby-activesupport70: security update
devel/ruby-railties70: security update
mail/ruby-actionmailbox70: security update
mail/ruby-actionmailer70: security update
textproc/ruby-actiontext70: security update
www/ruby-actioncable70: security update
www/ruby-actionpack70: security update
www/ruby-actionview70: security update
www/ruby-rails70: security update

Revisions pulled up:
- databases/ruby-activerecord70/distinfo 1.7
- devel/ruby-activejob70/distinfo 1.7
- devel/ruby-activemodel70/distinfo 1.7
- devel/ruby-activestorage70/distinfo 1.7
- devel/ruby-activesupport70/distinfo 1.7
- devel/ruby-railties70/Makefile 1.5
- devel/ruby-railties70/distinfo 1.7
- lang/ruby/rails.mk 1.132
- mail/ruby-actionmailbox70/distinfo 1.7
- mail/ruby-actionmailer70/distinfo 1.7
- textproc/ruby-actiontext70/distinfo 1.7
- www/ruby-actioncable70/distinfo 1.7
- www/ruby-actionpack70/distinfo 1.7
- www/ruby-actionview70/distinfo 1.7
- www/ruby-rails70/distinfo 1.7

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:48:48 UTC 2022

Modified Files:
pkgsrc/databases/ruby-activerecord70: distinfo
pkgsrc/devel/ruby-activejob70: distinfo
pkgsrc/devel/ruby-activemodel70: distinfo
pkgsrc/devel/ruby-activestorage70: distinfo
pkgsrc/devel/ruby-activesupport70: distinfo
pkgsrc/devel/ruby-railties70: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox70: distinfo
pkgsrc/mail/ruby-actionmailer70: distinfo
pkgsrc/textproc/ruby-actiontext70: distinfo
pkgsrc/www/ruby-actioncable70: distinfo
pkgsrc/www/ruby-actionpack70: distinfo
pkgsrc/www/ruby-actionview70: distinfo
pkgsrc/www/ruby-rails70: distinfo

Log Message:
www/ruby-rails70: update to 7.0.3.1

Rails 7.0.3.1 (2022-07-12) updates databases/ruby-activerecord70 only.

databases/ruby-activerecord70

* Change ActiveRecord::Coders::YAMLColumn default to safe_load

  This adds two new configuration options
  The configuration options are as follows:

  o config.active_storage.use_yaml_unsafe_load

    When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading.

  o config.active_record.yaml_column_permitted_classes

    The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows:

    config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]

  [CVE-2022-32224]

To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 pkgsrc/databases/ruby-activerecord70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activejob70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activemodel70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activestorage70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-activesupport70/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-railties70/Makefile
cvs rdiff -u -r1.6 -r1.7 pkgsrc/devel/ruby-railties70/distinfo
cvs rdiff -u -r1.131 -r1.132 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/ruby-actionmailbox70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/mail/ruby-actionmailer70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/textproc/ruby-actiontext70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actioncable70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actionpack70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-actionview70/distinfo
cvs rdiff -u -r1.6 -r1.7 pkgsrc/www/ruby-rails70/distinfo

2022-07-23 | Pullup ticket #6655 - requested by taca | spz | 4 | -16/+16
databases/ruby-activerecord61: security update
devel/ruby-activejob61: security update
devel/ruby-activemodel61: security update
devel/ruby-activestorage61: security update
devel/ruby-activesupport61: security update
devel/ruby-railties61: security update
mail/ruby-actionmailbox61: security update
mail/ruby-actionmailer61: security update
textproc/ruby-actiontext61: security update
www/ruby-actioncable61: security update
www/ruby-actionpack61: security update
www/ruby-actionview61: security update
www/ruby-rails61: security update

Revisions pulled up:
- databases/ruby-activerecord61/distinfo 1.14
- devel/ruby-activejob61/distinfo 1.14
- devel/ruby-activemodel61/distinfo 1.14
- devel/ruby-activestorage61/distinfo 1.14
- devel/ruby-activesupport61/distinfo 1.14
- devel/ruby-railties61/Makefile 1.4
- devel/ruby-railties61/distinfo 1.14
- lang/ruby/rails.mk 1.131
- mail/ruby-actionmailbox61/distinfo 1.14
- mail/ruby-actionmailer61/distinfo 1.14
- textproc/ruby-actiontext61/distinfo 1.14
- www/ruby-actioncable61/distinfo 1.14
- www/ruby-actionpack61/distinfo 1.14
- www/ruby-actionview61/distinfo 1.14
- www/ruby-rails61/distinfo 1.14

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:46:24 UTC 2022

Modified Files:
pkgsrc/databases/ruby-activerecord61: distinfo
pkgsrc/devel/ruby-activejob61: distinfo
pkgsrc/devel/ruby-activemodel61: distinfo
pkgsrc/devel/ruby-activestorage61: distinfo
pkgsrc/devel/ruby-activesupport61: distinfo
pkgsrc/devel/ruby-railties61: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox61: distinfo
pkgsrc/mail/ruby-actionmailer61: distinfo
pkgsrc/textproc/ruby-actiontext61: distinfo
pkgsrc/www/ruby-actioncable61: distinfo
pkgsrc/www/ruby-actionpack61: distinfo
pkgsrc/www/ruby-actionview61: distinfo
pkgsrc/www/ruby-rails61: distinfo

Log Message:
www/ruby-rails61: update to 6.1.6.1

Rails 6.1.6.1 (2022-07-12) updates databases/ruby-activerecord61 only.

databases/ruby-activerecord61

* Change ActiveRecord::Coders::YAMLColumn default to safe_load

  This adds two new configuration options
  The configuration options are as follows:

  o config.active_storage.use_yaml_unsafe_load

    When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading.

  o config.active_record.yaml_column_permitted_classes

    The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows:

    config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]

  [CVE-2022-32224]

To generate a diff of this commit:
cvs rdiff -u -r1.13 -r1.14 pkgsrc/databases/ruby-activerecord61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activejob61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activemodel61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activestorage61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-activesupport61/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties61/Makefile
cvs rdiff -u -r1.13 -r1.14 pkgsrc/devel/ruby-railties61/distinfo
cvs rdiff -u -r1.130 -r1.131 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailbox61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/mail/ruby-actionmailer61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/textproc/ruby-actiontext61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actioncable61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionpack61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-actionview61/distinfo
cvs rdiff -u -r1.13 -r1.14 pkgsrc/www/ruby-rails61/distinfo

2022-07-23 | Pullup ticket #6654 - requested by taca | spz | 4 | -16/+16
databases/ruby-activerecord60: security update
devel/ruby-activejob60: security update
devel/ruby-activemodel60: security update
devel/ruby-activestorage60: security update
devel/ruby-activesupport60: security update
devel/ruby-railties60: security update
mail/ruby-actionmailbox60: security update
mail/ruby-actionmailer60: security update
textproc/ruby-actiontext60: security update
www/ruby-actioncable60: security update
www/ruby-actionpack60: security update
www/ruby-actionview60: security update
www/ruby-rails60: security update

Revisions pulled up:
- databases/ruby-activerecord60/distinfo 1.19
- devel/ruby-activejob60/distinfo 1.19
- devel/ruby-activemodel60/distinfo 1.19
- devel/ruby-activestorage60/distinfo 1.19
- devel/ruby-activesupport60/distinfo 1.19
- devel/ruby-railties60/Makefile 1.5
- devel/ruby-railties60/distinfo 1.19
- lang/ruby/rails.mk 1.130
- mail/ruby-actionmailbox60/distinfo 1.19
- mail/ruby-actionmailer60/distinfo 1.19
- textproc/ruby-actiontext60/distinfo 1.19
- www/ruby-actioncable60/distinfo 1.19
- www/ruby-actionpack60/distinfo 1.19
- www/ruby-actionview60/distinfo 1.19
- www/ruby-rails60/distinfo 1.19

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:44:10 UTC 2022

Modified Files:
pkgsrc/databases/ruby-activerecord60: distinfo
pkgsrc/devel/ruby-activejob60: distinfo
pkgsrc/devel/ruby-activemodel60: distinfo
pkgsrc/devel/ruby-activestorage60: distinfo
pkgsrc/devel/ruby-activesupport60: distinfo
pkgsrc/devel/ruby-railties60: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailbox60: distinfo
pkgsrc/mail/ruby-actionmailer60: distinfo
pkgsrc/textproc/ruby-actiontext60: distinfo
pkgsrc/www/ruby-actioncable60: distinfo
pkgsrc/www/ruby-actionpack60: distinfo
pkgsrc/www/ruby-actionview60: distinfo
pkgsrc/www/ruby-rails60: distinfo

Log Message:
www/ruby-rails60: update to 6.0.5.1

Rails 6.0.5.1 (2022-07-12) updates databases/ruby-activerecord60 only.

databases/ruby-activerecord60

* Change ActiveRecord::Coders::YAMLColumn default to safe_load

  This adds two new configuration options
  The configuration options are as follows:

  o config.active_storage.use_yaml_unsafe_load

    When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading.

  o config.active_record.yaml_column_permitted_classes

    The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows:

    config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]

  [CVE-2022-32224]

To generate a diff of this commit:
cvs rdiff -u -r1.18 -r1.19 pkgsrc/databases/ruby-activerecord60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activejob60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activemodel60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activestorage60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-activesupport60/distinfo
cvs rdiff -u -r1.4 -r1.5 pkgsrc/devel/ruby-railties60/Makefile
cvs rdiff -u -r1.18 -r1.19 pkgsrc/devel/ruby-railties60/distinfo
cvs rdiff -u -r1.129 -r1.130 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.18 -r1.19 pkgsrc/mail/ruby-actionmailbox60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/mail/ruby-actionmailer60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/textproc/ruby-actiontext60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actioncable60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actionpack60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-actionview60/distinfo
cvs rdiff -u -r1.18 -r1.19 pkgsrc/www/ruby-rails60/distinfo

2022-07-23 | Pullup ticket #6653 - requested by taca | spz | 4 | -16/+16
databases/ruby-activerecord52: security update
devel/ruby-activejob52: security update
devel/ruby-activemodel52: security update
devel/ruby-activestorage52: security update
devel/ruby-activesupport52: security update
devel/ruby-railties52: security update
mail/ruby-actionmailer52: security update
www/ruby-actioncable52: security update
www/ruby-actionpack52: security update
www/ruby-actionview52: security update
www/ruby-rails52: security update

Revisions pulled up:
- databases/ruby-activerecord52/distinfo 1.15
- devel/ruby-activejob52/distinfo 1.15
- devel/ruby-activemodel52/distinfo 1.15
- devel/ruby-activestorage52/distinfo 1.15
- devel/ruby-activesupport52/distinfo 1.15
- devel/ruby-railties52/Makefile 1.4
- devel/ruby-railties52/distinfo 1.15
- lang/ruby/rails.mk 1.129
- mail/ruby-actionmailer52/distinfo 1.15
- www/ruby-actioncable52/distinfo 1.15
- www/ruby-actionpack52/distinfo 1.15
- www/ruby-actionview52/distinfo 1.15
- www/ruby-rails52/distinfo 1.15

-------------------------------------------------------------------
Module Name: pkgsrc
Committed By: taca
Date: Wed Jul 13 14:41:09 UTC 2022

Modified Files:
pkgsrc/databases/ruby-activerecord52: distinfo
pkgsrc/devel/ruby-activejob52: distinfo
pkgsrc/devel/ruby-activemodel52: distinfo
pkgsrc/devel/ruby-activestorage52: distinfo
pkgsrc/devel/ruby-activesupport52: distinfo
pkgsrc/devel/ruby-railties52: Makefile distinfo
pkgsrc/lang/ruby: rails.mk
pkgsrc/mail/ruby-actionmailer52: distinfo
pkgsrc/www/ruby-actioncable52: distinfo
pkgsrc/www/ruby-actionpack52: distinfo
pkgsrc/www/ruby-actionview52: distinfo
pkgsrc/www/ruby-rails52: distinfo

Log Message:
www/ruby-rails52: update to 5.2.8.1

Rails 5.2.8.1 (2022-07-12) updates databases/ruby-activerecord52 only.

databases/ruby-activerecord52

* Change ActiveRecord::Coders::YAMLColumn default to safe_load

  This adds two new configuration options
  The configuration options are as follows:

  o config.active_storage.use_yaml_unsafe_load

    When set to true, this configuration option tells Rails to use the old "unsafe" YAML loading strategy, maintaining the existing behavior but leaving the possible escalation vulnerability in place. Setting this option to true is *not* recommended, but can aid in upgrading.

  o config.active_record.yaml_column_permitted_classes

    The "safe YAML" loading method does not allow all classes to be deserialized by default. This option allows you to specify classes deemed "safe" in your application. For example, if your application uses Symbol and Time in serialized data, you can add Symbol and Time to the allowed list as follows:

    config.active_record.yaml_column_permitted_classes = [Symbol, Date, Time]

  [CVE-2022-32224]

To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 pkgsrc/databases/ruby-activerecord52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activejob52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activemodel52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activestorage52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-activesupport52/distinfo
cvs rdiff -u -r1.3 -r1.4 pkgsrc/devel/ruby-railties52/Makefile
cvs rdiff -u -r1.14 -r1.15 pkgsrc/devel/ruby-railties52/distinfo
cvs rdiff -u -r1.128 -r1.129 pkgsrc/lang/ruby/rails.mk
cvs rdiff -u -r1.14 -r1.15 pkgsrc/mail/ruby-actionmailer52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actioncable52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actionpack52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-actionview52/distinfo
cvs rdiff -u -r1.14 -r1.15 pkgsrc/www/ruby-rails52/distinfo

2022-06-27 | curl: update to 7.84.0. | wiz | 3 | -7/+9
Security fix release.

This release includes the following changes:

o curl: add --rate to set max request rate per time unit [69]
o curl: deprecate --random-file and --egd-file [12]
o curl_version_info: add CURL_VERSION_THREADSAFE [100]
o CURLINFO_CAPATH/CAINFO: get the default CA paths from libcurl [9]
o lib: make curl_global_init() threadsafe when possible [101]
o libssh2: add CURLOPT_SSH_HOSTKEYFUNCTION [78]
o opts: deprecate RANDOM_FILE and EGDSOCKET [13]
o socks: support unix sockets for socks proxy [2]

This release includes the following bugfixes:

o aws-sigv4: fix potential NULL pointer arithmetic [48]
o bindlocal: don't use a random port if port number would wrap [14]
o c-hyper: mark status line as status for Curl_client_write() [58]
o ci: avoid `cmake -Hpath` [114]
o CI: bump FreeBSD 13.0 to 13.1 [127]
o ci: update github actions [36]
o cmake: add libpsl support [3]
o cmake: do not add libcurl.rc to the static libcurl library [53]
o cmake: enable curl.rc for all Windows targets [55]
o cmake: fix detecting libidn2 [56]
o cmake: support adding a suffix to the OS value [54]
o configure: skip libidn2 detection when winidn is used [89]
o configure: use the SED value to invoke sed [28]
o configure: warn about rustls being experimental [103]
o content_encoding: return error on too many compression steps [106]
o cookie: address secure domain overlay [7]
o cookie: apply limits [83]
o copyright.pl: parse and use .reuse/dep5 for skips [105]
o copyright: make repository REUSE compliant [119]
o curl.1: add a few see also --tls-max [52]
o curl.1: mention exit code zero too [44]
o curl: re-enable --no-remote-name [31]
o curl_easy_pause.3: remove explanation of progress function [97]
o curl_getdate.3: document that some illegal dates pass through [34]
o Curl_parsenetrc: don't access local pwbuf outside of scope [27]
o curl_url_set.3: clarify by default using known schemes only [120]
o CURLOPT_ALTSVC.3: document the file format [118]
o CURLOPT_FILETIME.3: fix the protocols this works with
o CURLOPT_HTTPHEADER.3: improve comment in example [66]
o CURLOPT_NETRC.3: document the .netrc file format
o CURLOPT_PORT.3: We discourage using this option [92]
o CURLOPT_RANGE.3: remove ranged upload advice [99]
o digest: added detection of more syntax error in server headers [81]
o digest: tolerate missing "realm" [80]
o digest: unquote realm and nonce before processing [82]
o DISABLED: disable 1021 for hyper again
o docs/cmdline-opts: add copyright and license identifier to each file [112]
o docs/CONTRIBUTE.md: document the 'needs-votes' concept [79]
o docs: clarify data replacement policy for MIME API [16]
o doh: remove UNITTEST macro definition [67]
o examples/crawler.c: use the curl license [73]
o examples: remove fopen.c and rtsp.c [76]
o FAQ: Clarify Windows double quote usage [42]
o fopen: add Curl_fopen() for better overwriting of files [72]
o ftp: restore protocol state after http proxy CONNECT [110]
o ftp: when failing to do a secure GSSAPI login, fail hard [62]
o GHA/hyper: enable debug in the build
o gssapi: improve handling of errors from gss_display_status [45]
o gssapi: initialize gss_buffer_desc strings
o headers api: remove EXPERIMENTAL tag [35]
o http2: always debug print stream id in decimal with %u [46]
o http2: reject overly many push-promise headers [63]
o http: restore header folding behavior [64]
o hyper: use 'alt-used' [71]
o krb5: return error properly on decode errors [107]
o lib: make more protocol specific struct fields #ifdefed [84]
o libcurl-security.3: add "Secrets in memory" [30]
o libcurl-security.3: document CRLF header injection [98]
o libssh: skip the fake-close when libssh does the right thing [102]
o links: update dead links to the curl-wiki [21]
o log2changes: do not indent empty lines [ci skip] [37]
o macos9: remove partial support [22]
o Makefile.am: fix portability issues [1]
o Makefile.m32: delete obsolete options, improve -On [ci skip] [65]
o Makefile.m32: delete two obsolete OpenSSL options [ci skip] [39]
o Makefile.m32: stop forcing XP target with ipv6 enabled [ci skip] [116]
o max-time.d: clarify max-time sets max transfer time [70]
o mprintf: ignore clang non-literal format string [19]
o netrc: check %USERPROFILE% as well on Windows [77]
o netrc: support quoted strings [33]
o ngtcp2: allow curl to send larger UDP datagrams [29]
o ngtcp2: correct use of ngtcp2 and nghttp3 signed integer types [25]
o ngtcp2: enable Linux GSO [91]
o ngtcp2: extend QUIC transport parameters buffer [4]
o ngtcp2: fix alert_read_func return value [26]
o ngtcp2: fix typo in preprocessor condition [121]
o ngtcp2: handle error from ngtcp2_conn_submit_crypto_data [5]
o ngtcp2: send appropriate connection close error code [6]
o ngtcp2: support boringssl crypto backend [17]
o ngtcp2: use helper funcs to simplify TLS handshake integration [68]
o ntlm: provide a fixed fake host name [32]
o projects: fix third-party SSL library build paths for Visual Studio [125]
o quic: add Curl_quic_idle [18]
o quiche: support ca-fallback [49]
o rand: stop detecting /dev/urandom in cross-builds [113]
o remote-name.d: mention --output-dir [88]
o runtests.pl: add the --repeat parameter to the --help output [43]
o runtests: fix skipping tests not done event-based [95]
o runtests: skip starting the ssh server if user name is lacking [104]
o scripts/copyright.pl: fix the exclusion to not ignore man pages [75]
o sectransp: check for a function defined when __BLOCKS__ is undefined [20]
o select: return error from "lethal" poll/select errors [93]
o server/sws: support spaces in the HTTP request path
o speed-limit/time.d: mention these affect transfers in either direction [74]
o strcase: some optimisations [8]
o test 2081: add a valid reply for the second request [60]
o test 675: add missing CR so the test passes when run through Privoxy [61]
o test414: add the '--resolve' keyword [23]
o test681: verify --no-remote-name [90]
o tests 266, 116 and 1540: add a small write delay
o tests/data/test1501: kill ftp server after slow LIST response [59]
o tests/getpart: fix getpartattr to work with "data" and "data2"
o tests/server/sws.c: change the HTTP writedelay unit to milliseconds [47]
o test{440,441,493,977}: add "HTTP proxy" keywords [40]
o tool_getparam: fix --parallel-max maximum value constraint [51]
o tool_operate: make sure --fail-with-body works with --retry [24]
o transfer: fix potential NULL pointer dereference [15]
o transfer: maintain --path-as-is after redirects [96]
o transfer: upload performance; avoid tiny send [124]
o url: free old conn better on reuse [41]
o url: remove redundant #ifdefs in allocate_conn()
o url: URL encode the path when extracted, if spaces were set
o urlapi: make curl_url_set(url, CURLUPART_URL, NULL, 0) clear all parts [126]
o urlapi: support CURLU_URLENCODE for curl_url_get()
o urldata: reduce size of a few struct fields [86]
o urldata: remove three unused booleans from struct UserDefined [87]
o urldata: store tcp_keepidle and tcp_keepintvl as ints [85]
o version: allow stricmp() for sorting the feature list [57]
o vtls: make curl_global_sslset thread-safe [94]
o wolfssh.h: removed [10]
o wolfssl: correct the failf() message when a handle can't be made [38]
o wolfSSL: explicitly use compatibility layer [11]
o x509asn1: mark msnprintf return as unchecked [50]

2022-06-27 | davical: Update distinfo for last change to Makefile. | nia | 1 | -4/+4
2022-06-27 | davical: Fix GITLAB_* misuse. | nia | 1 | -6/+10
2022-06-22 | www/R-curl: fix build+install on big-endian NetBSD hosts. | he | 2 | -1/+21
2022-06-16 | php-nextcloud: Update to 24.0.1 | ryoon | 3 | -561/+580
Changelog:

Version 24.0.1
May 3 2022

Changes

* Bump karma-spec-reporter from 0.0.33 to 0.0.34 (server#31985)
* Tell mysql to ignore the sort index for search queries (server#32123)
* Update description of cronjob settings to be aligned to the documenta... (server#32133)
* Fix showing of all apps are up-to-date in apps management (server#32153)
* Fix translations with trailing colon (server#32159)
* Fix social sharing buttons (server#32181)
* Revert "Show the child folders in the breadcrumb menu when on a parent entry." (server#32219)
* Use sabre function directly rather than duplicating it (server#32236)
* Revert "Revert "Make the order of reactions reliable"" (server#32241)
* Include more emoji chars to test and fixes after include it (server#32256)
* Expose shareWithDisplayNameUnique also on autocomplete endpoint (server#32275)
* Don't use hash to check if binding worked (server#32282)
* Fix preview generator trying to recreate an existing folder (server#32320)
* Fix for transferring ownership of groupfolders (server#32329)
* Add share search tweaks (server#32360)
* Don't unjail the path when getting the storage info (server#32365)
* Increase retry delay on 'Wait for S3' CI job (server#32368)
* Bump karma from 6.3.17 to 6.3.20 (server#32386)
* Bump moment from 2.29.2 to 2.29.3 (server#32402)
* Fix user agent trimming on installation (server#32414)
* Show user account on grant loginflow step (server#32415)
* Only log diagnostic events if a threshold is set (server#32424)
* Replace isValidEmoji by method in EmojiHelper (server#32437)
* Add Email validation (server#32472)
* Switch to getOption() (circles#1042)
* Add new diagram templates (example-files#23)
* Adapt layout after viewer update (files_pdfviewer#597)
* Update phpunit workflows (files_pdfviewer#599)
* Prevent video file downloads when there is a download limit (files_videoplayer#275)
* Fix password generation (password_policy#357)
* Fix FreeBsd Interface parsing (serverinfo#373)
* Switch to auto table layout (text#2375)
* Use '(n)' suffix instead of timestamp prefix for uploaded image names (text#2377)
* Manually get a mounted instance of the file if needed during lock/unlock (text#2380)
* Fix attachment cleanup when file names contain parenthesis (text#2389)
* Build(deps-dev): bump cypress from 9.5.3 to 9.5.4 (text#2402)
* Build(deps-dev): bump @vue/vue2-jest from 27.0.0-alpha.4 to 27.0.0 (text#2405)
* Fix viewer integration styling (text#2419)
* Revert "Revert "Improve preloading"" (viewer#1237)
* Revert "Revert "Revert "Improve preloading""" (viewer#1238)
* Fix design update after 5 vue components upgrade (viewer#1239)
* Improve preloading (viewer#1240)

Version 24.0.0
May 3 2022

Nextcloud Hub 24 is here!

The biggest improvements Nextcloud Hub 24 introduces are:

* User migration
* Smart file locking
* 4x lower db load
* Reactions & media tab in Talk
* Reply to calls & messages in Desktop client
* Undo send & schedule emails

Version 23.0.5
May 19 2022

Changes

* Use the nextcloud certificate bundle for s3 (server#31818)
* Federated share performance improvements (server#31902)
* Principal search by display name case insensitive (server#31976)
* Log why the login token can't be used for credentials (server#31978)
* Bump babel-loader from 8.2.4 to 8.2.5 (server#32100)
* Bump moment from 2.29.2 to 2.29.3 (server#32101)
* Fix showing of all apps are up-to-date in apps management (server#32115)
* Do not update _lastChanged on auto-detected attributes (server#32120)
* Tell mysql to ignore the sort index for search queries (server#32124)
* Get not only time-sensitive next job from list but any when not in cron-mode (server#32131)
* Update description of cronjob settings to be aligned to the documenta... (server#32135)
* Fix translations with trailing colon (server#32160)
* L10n: Change apostrophe (server#32174)
* Fix social sharing buttons (server#32182)
* Don't use plain URL on the email subject (server#32247)
* Don't use hash to check if binding worked (server#32284)
* Fix preview generator trying to recreate an existing folder (server#32323)
* Fix for transferring ownership of groupfolders (server#32330)
* Bump @testing-library/vue from 5.8.2 to 5.8.3 (server#32334)
* Explicitly close div element (server#32417)
* Fix user agent trimming on installation (server#32420)
* Show user account on grant loginflow step (server#32422)
* Add Email validation (server#32474)
* Fix array key on import() (circles#1027)
* Switch to getOption() (circles#1043)
* Add new diagram templates (example-files#24)
* Update phpunit workflows (files_pdfviewer#600)
* Prevent video file downloads when there is a download limit (files_videoplayer#276)
* Fix password generation (password_policy#358)
* Bump babel-loader from 8.2.4 to 8.2.5 (privacy#764)
* Build(deps): bump prosemirror-view from 1.23.12 to 1.23.13 (text#2348)
* Improve preloading (viewer#1232)

2022-06-14firefox-l10n: Update to 101.0.1ryoon2-297/+297
* Sync with www/firefox-101.0.1.
2022-06-14firefox: Update to 101.0.1ryoon4-1612/+3198
* Fix build under NetBSD/i386 with thinner LTO option.

Changelog:

Fixed
* Fixed Firefox clearing the clipboard when closing on macOS (bug 1771823)
* Fixed a compatibility issue causing severely impaired functionality with win32k lockdown enabled on some Windows systems (bug 1769845)
* Fixed context menus not appearing when right-clicking Picture-in-Picture windows on some Linux systems (bug 1771914)
* Various stability fixes
2022-06-14firefox91: update to 91.10.0nia4-285/+285
Security Vulnerabilities fixed in Firefox ESR 91.10

#CVE-2022-31736: Cross-Origin resource's length leaked
#CVE-2022-31737: Heap buffer overflow in WebGL
#CVE-2022-31738: Browser window spoof using fullscreen mode
#CVE-2022-31739: Attacker-influenced path traversal when saving downloaded files
#CVE-2022-31740: Register allocation problem in WASM on arm64
#CVE-2022-31741: Uninitialized variable leads to invalid memory read
#CVE-2022-31742: Querying a WebAuthn token with a large number of allowCredential entries may have leaked cross-origin information
#CVE-2022-31747: Memory safety bugs fixed in Firefox 101 and Firefox ESR 91.10
2022-06-13Update to 1.4.65. From the changelog:schmonz2-7/+6
HIGHLIGHTS
* WebSockets over HTTP/2
  RFC 8441 Bootstrapping WebSockets with HTTP/2
* HTTP/2 PRIORITY_UPDATE
  RFC 9218 Extensible Prioritization Scheme for HTTP
* prefix/suffix conditions in lighttpd.conf
* mod_webdav safe partial-PUT
  webdav.opts += ("partial-put-copy-modify" => "enable")
* mod_accesslog option: accesslog.escaping = "json"
* mod_deflate libdeflate build option
* speed up request body uploads via HTTP/2

BEHAVIOR CHANGES:
* change default server.max-keep-alive-requests = 1000 to adjust to increasing HTTP/2 usage and to web2/web3 application usage (prior default was 100)
* mod_status HTML now includes HTTP/2 control stream id 0 in the output which contains aggregate counts for the HTTP/2 connection (These lines can be identified with URL '*', part of "PRI *" preface)
  alternative: https://wiki.lighttpd.net/ModMagnetExamples#lua-mod_status
* MIME type application/javascript is translated to text/javascript (RFC 9239)
2022-06-12www/ruby-rails-html-sanitizer: update to 1.4.3taca2-6/+6
1.4.3 (2022-06-09) * Address a possible XSS vulnerability with certain configurations of Rails::Html::Sanitizer. Prevent the combination of `select` and `style` as allowed tags in SafeListSanitizer. Fixes CVE-2022-32209 *Mike Dalessio*
2022-06-09apache24: updated to 2.4.54adam2-7/+6
Changes with Apache 2.4.54

*) SECURITY: CVE-2022-31813: mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (cve.mitre.org)
   Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.
   Credits: The Apache HTTP Server project would like to thank Gaetan Ferry (Synacktiv) for reporting this issue

*) SECURITY: CVE-2022-30556: Information Disclosure in mod_lua with websockets (cve.mitre.org)
   Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.
   Credits: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue

*) SECURITY: CVE-2022-30522: mod_sed denial of service (cve.mitre.org)
   If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.
   Credits: This issue was found by Brian Moussalli from the JFrog Security Research team

*) SECURITY: CVE-2022-29404: Denial of service in mod_lua r:parsebody (cve.mitre.org)
   In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.
   Credits: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue

*) SECURITY: CVE-2022-28615: Read beyond bounds in ap_strcmp_match() (cve.mitre.org)
   Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.
   Credits: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue

*) SECURITY: CVE-2022-28614: read beyond bounds via ap_rwrite() (cve.mitre.org)
   The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_lua's r:puts() function.
   Credits: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue

*) SECURITY: CVE-2022-28330: read beyond bounds in mod_isapi (cve.mitre.org)
   Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.
   Credits: The Apache HTTP Server project would like to thank Ronald Crane (Zippenhop LLC) for reporting this issue

*) SECURITY: CVE-2022-26377: mod_proxy_ajp: Possible request smuggling (cve.mitre.org)
   Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.
   Credits: Ricter Z @ 360 Noah Lab

*) mod_ssl: SSLFIPS compatible with OpenSSL 3.0.

*) mod_proxy_http: Avoid 417 responses for non forwardable 100-continue.

*) mod_md: a bug was fixed that caused very large MDomains with the combined DNS names exceeding ~7k to fail, as request bodies would contain partially wrong data from uninitialized memory. This would have appeared as failure in signing-up/renewing such configurations.

*) mod_proxy_http: Avoid 417 responses for non forwardable 100-continue.

*) MPM event: Restart children processes killed before idle maintenance.

*) ab: Allow for TLSv1.3 when the SSL library supports it.

*) core: Disable TCP_NOPUSH optimization on OSX since it might introduce transmission delays.

*) MPM event: Fix accounting of active/total processes on ungraceful restart,

*) core: make ap_escape_quotes() work correctly on strings with more than MAX_INT/2 characters, counting quotes double. Credit to <generalbugs@zippenhop.com> for finding this.

*) mod_md: the `MDCertificateAuthority` directive can take more than one URL/name of an ACME CA. This gives a failover for renewals when several consecutive attempts to get a certificate failed.
   A new directive was added: `MDRetryDelay` sets the delay of retries.
   A new directive was added: `MDRetryFailover` sets the number of errored attempts before an alternate CA is selected for certificate renewals.

*) mod_http2: remove unused and insecure code.

*) mod_proxy: Add backend port to log messages to ease identification of involved service.

*) mod_http2: removing unscheduling of ongoing tasks when connection shows potential abuse by a client. This proved counter-productive and the abuse detection can false flag requests using server-side-events. Fixes <https://github.com/icing/mod_h2/issues/231>.

*) mod_md: Implement full auto status ("key: value" type status output). Especially not only status summary counts for certificates and OCSP stapling but also lists. Auto status format is similar to what was used for mod_proxy_balancer.

*) mod_md: fixed a bug leading to failed transfers for OCSP stapling information when more than 6 certificates needed updates in the same run.

*) mod_proxy: Set a status code of 502 in case the backend just closed the connection in reply to our forwarded request.

*) mod_md: a possible NULL pointer deref was fixed in the JSON code for persisting time periods (start+end). Fixes #282 on mod_md's github. Thanks to @marcstern for finding this.

*) mod_heartmonitor: Set the documented default value "10" for HeartbeatMaxServers instead of "0". With "0" no shared memory slotmem was initialized.

*) mod_md: added support for managing certificates via a local tailscale daemon for users of that secure networking. This gives trusted certificates for tailscale assigned domain names in the *.ts.net space.
2022-06-08webkit-gtk: Update status of upstreamed patchesleot3-21/+8
(All patches that were needed for JavaScriptCore on NetBSD are now upstreamed and JavaScriptCore should build and runs without local patches.)
2022-06-07webkit-gtk: remove introspection option, enabling it by defaultwiz4-29/+18
It was default-on, bump PKGREVISION for those who had it disabled.
2022-06-07www/ruby-rails70: update to 7.0.3taca1-4/+4
Finally update Ruby on Rails 7.0 packages to 7.0.3. 7.0.3 (2022-05-12) This is a meta gem.
2022-06-07www/ruby-actioncable70: update to 7.0.3taca1-4/+4
7.0.3 (2022-05-12) * No change except version.
2022-06-07www/ruby-actionpack70: update to 7.0.3taca1-4/+4
7.0.3 (2022-05-12)

* Allow relative redirects when raise_on_open_redirects is enabled.

* Fix authenticate_with_http_basic to allow for missing password.

  Before Rails 7.0 it was possible to handle basic authentication with only a username.

      authenticate_with_http_basic do |token, _|
        ApiClient.authenticate(token)
      end

  This ability is restored.

* Fix content_security_policy returning invalid directives.

  Directives such as self, unsafe-eval and few others were not single quoted when the directive was the result of calling a lambda returning an array.

      content_security_policy do |policy|
        policy.frame_ancestors lambda { [:self, "https://example.com"] }
      end

  With this fix the policy generated from above will now be valid.

* Fix skip_forgery_protection to run without raising an error if forgery protection has not been enabled / verify_authenticity_token is not a defined callback.

  This fix prevents the Rails 7.0 Welcome Page (/) from raising an ArgumentError if default_protect_from_forgery is false.

* Fix ActionController::Live to copy the IsolatedExecutionState in the ephemeral thread.

  Since its inception ActionController::Live has been copying thread local variables to keep things such as CurrentAttributes set from middlewares working in the controller action.

  With the introduction of IsolatedExecutionState in 7.0, some of that global state was lost in ActionController::Live controllers.

* Fix setting trailing_slash: true in route definition.

      get '/test' => "test#index", as: :test, trailing_slash: true
      test_path() # => "/test/"
2022-06-07www/ruby-actionview70: update to 7.0.3taca1-4/+4
7.0.3 (2022-05-12) * Ensure models passed to form_for attempt to call to_model.
2022-06-07www/ruby-rails61: update to 6.1.6taca4-16/+16
Ruby on Rails 6.1.6 (2022-05-12)

Active Support
* Fix and add protections for XSS in ActionView::Helpers and ERB::Util.
  Add the method ERB::Util.xml_name_escape to escape dangerous characters in names of tags and names of attributes, following the specification of XML.

Action View
* Fix and add protections for XSS in ActionView::Helpers and ERB::Util.
  Escape dangerous characters in names of tags and names of attributes in the tag helpers, following the XML specification. Rename the option :escape_attributes to :escape, to simplify by applying the option to the whole tag.

Action Pack
* Allow Content Security Policy DSL to generate for API responses.
2022-06-07www/ruby-rails60: update to 6.0.5taca4-16/+16
Ruby on Rails 6.0.5 (2022-05-12)

Active Support
* Fix tag helper regression.

Action Text
* Disentangle Action Text from ApplicationController
  Allow Action Text to be used without having an ApplicationController defined. This makes sure:
  - Action Text attachments render the correct URL host in mailers.
  - an ActionController::Renderer isn't allocated per request.
  - Sidekiq doesn't hang with the "classic" autoloader.
2022-06-07www/ruby-rails52: update to 5.2.8taca4-16/+16
Ruby on Rails 5.2.8 (2022-05-12)

Active Support
* Fix tag helper regression.

Action View
* Make `LoadInterlockAwareMonitor` work in Ruby 2.7.
* Retain Ruby 2.2 compatibility.
2022-06-07firefox: 101 requires rust>=1.59gutteridge1-2/+2
2022-06-06firefox-l10n: Update to 101.0ryoon2-297/+297
* Sync with www/firefox-101.0.
2022-06-06firefox: Update to 101.0ryoon5-266969/+3136
* Under NetBSD/i386 9, rustc consumes all RAM and swap and failed to build this package.

Changelog:

New
* Reading is now easier with the prefers-contrast media query, which allows sites to detect if the user has requested that web content is presented with a higher (or lower) contrast.
* It's your choice! All non-configured MIME types can now be assigned a custom action upon download completion.
* Firefox now allows users to use as many microphones as you want, at the same time, during video conferencing. The most exciting benefit is that you can easily switch your microphones at any time (if your conferencing service provider enables this flexibility).

Fixed
* Various security fixes.

Changed
* Removed "subject common name" fallback support from certificate validation. This fallback mode was previously enabled only for manually installed certificates. The CA Browser Forum Baseline Requirements have required the presence of the "subjectAltName" extension since 2012, and use of the subject common name was deprecated in RFC 2818.
2022-06-04py-nbclient: updated to 0.6.4adam2-6/+6
0.6.4 Merged PRs - Make sure kernel is cleaned up in case an error occurred while starting kernel client - Suppress most warnings in tests
2022-06-04Added ocsigen-ppx-rpc to Makefile SUBDIRsjaapb1-1/+2
2022-06-04Added www/ocsigen-ppx-rpc, a RPC PPX extension for OCaml.jaapb5-0/+52
Needed as a dependency for the newest version of eliom.
2022-06-04ocsigen-i18n: add missing ppxlib dependencywiz1-1/+2
Fixes build
2022-06-04firefox: add a comment about clang & wasi-compiler-rtgutteridge1-1/+3
2022-06-03One of the bigendian fixes accidentally was 64bit only - make itmartin3-9/+11
work on 32bit powerpc too.
2022-06-03Updated www/ocsigen-start to version 6.1.0.jaapb3-10/+12
For such a huge change in version number, the changes are relatively minor, though there is one API-breaking change in the type of Os_tips.onclose.
2022-06-03Updated www/ocsigen-toolkit to version 3.2.0.jaapb3-10/+9
The changelog does not seem to have been updated, but changes are minor.
2022-06-03Update www/ocsigen-i18n to version 4.0.0.jaapb5-53/+28
Fixes are minor, but the package has switched to dune for building.
2022-06-03Fixed dependencies for www/eliomjaapb1-1/+2
(added databases/ocsipersist)
2022-06-03ocaml-cohttp: add missing ocaml-jsonm dependencywiz2-3/+4
Fixes build
2022-06-02Revbump all Go packages after go118 updatebsiegert10-17/+20
2022-06-02www/unit*: update to 1.27.0osa3-8/+7
<ChangeLog>
*) Feature: ability to specify a custom index file name when serving static files.
*) Feature: variables support in the "location" option of the "return" action.
*) Feature: support empty strings in the "location" option of the "return" action.
*) Feature: added a new variable, $request_uri, that includes both the path and the query parts as per RFC 3986, sections 3-4.
*) Feature: Ruby Rack environment parameter "SCRIPT_NAME" support.
*) Feature: compatibility with GCC 12.
*) Bugfix: Ruby Sinatra applications don't work without custom logging.
*) Bugfix: the controller process could crash when a chain of more than four certificates was uploaded.
*) Bugfix: some Perl applications failed to process the request body, notably with Plack.
*) Bugfix: some Spring Boot applications failed to start, notably with Grails.
*) Bugfix: incorrect Python protocol auto detection (ASGI or WSGI) for native callable object, notably with Falcon.
*) Bugfix: ECMAScript modules did not work with the recent Node.js versions.
</ChangeLog>
2022-05-31www: add some perl packagesmarkd1-1/+6
2022-05-31p5-HTML-FormatExternal: add version 26markd3-0/+27
This is a collection of formatter modules which turn HTML into plain text by dumping it through the respective external programs.
2022-05-31p5-Web-Machine: add version 0.17markd3-0/+33
Web::Machine provides a RESTful web framework modeled as a state machine. You define one or more resource classes. Each resource represents a single RESTful URI end point, such as a user, an email, etc. The resource class can also be the target for POST requests to create a new user, email, etc. Each resource is a state machine, and each request for a resource is handled by running the request through that state machine.
2022-05-31p5-HTTP-Headers-ActionPack: add version 0.09markd3-0/+39
This is a module to handle the inflation and deflation of complex HTTP header types. In many cases header values are simple strings, but in some cases they are complex values with a lot of information encoded in them. The goal of this module is to make the parsing and analysis of these headers as easy as calling inflate on a compatible object. This top-level class is basically a Factory for creating instances of the other classes in this module. It contains a number of convenience methods to help make common cases easy to write.
2022-05-31p5-HTML-Gumbo: add version 0.18markd3-0/+38
Gumbo is an implementation of the HTML5 parsing algorithm implemented as a pure C99 library with no outside dependencies.

Goals and features of the C library:
* Fully conformant with the HTML5 spec.
* Robust and resilient to bad input.
* Simple API that can be easily wrapped by other languages. (This is one of such wrappers.)
* Support for source locations and pointers back to the original text. (Not exposed by this implementation at the moment.)
* Relatively lightweight, with no outside dependencies.
* Passes all html5lib-0.95 tests.
* Tested on over 2.5 billion pages from Google's index.
2022-05-31p5-Alien-LibGumbo: add version 0.05markd3-0/+33
This distribution installs libgumbo:https://github.com/google/gumbo-parser on your system for use by perl modules like HTML::Gumbo.