Age | Commit message (Collapse) | Author | Files | Lines |
|
www/gitea: security fix, build fix
Revisions pulled up:
- www/gitea/Makefile 1.81
- www/gitea/distinfo 1.32-1.33
- www/gitea/patches/patch-Makefile 1.4
---
Module Name: pkgsrc
Committed By: khorben
Date: Wed Nov 9 23:26:15 UTC 2022
Modified Files:
pkgsrc/www/gitea: Makefile distinfo
Log Message:
gitea: update to 1.16.9
Changes since 1.16.8:
SECURITY
* Add write check for creating Commit status (#20332) (#20334)
* Check for permission when fetching user controlled issues (#20133) (#20196)
BUGFIXES
* Hide notify mail setting ui if not enabled (#20138) (#20337)
* Add write check for creating Commit status (#20332) (#20334)
* Only show Followers that current user can access (#20220) (#20253)
* Release page show all tags in compare dropdown (#20070) (#20071)
* Fix permission check for delete tag (#19985) (#20001)
* Only log non ErrNotExist errors in git.GetNote (#19884) (#19905)
* Use exact search instead of fuzzy search for branch filter dropdown (#19885) (#19893)
* Set Setpgid on child git processes (#19865) (#19881)
* Import git from alpine 3.16 repository as 2.30.4 is needed for safe.directory = '*' to work but alpine 3.13 has 2.30.3 (#19876)
* Ensure responses are context.ResponseWriters (#19843) (#19859)
* Fix incorrect usage of Count function (#19850)
* Fix raw endpoint PDF file headers (#19825) (#19826)
* Make WIP prefixes case insensitive, e.g. allow Draft as a WIP prefix (#19780) (#19811)
* Don’t return 500 on NotificationUnreadCount (#19802)
* Prevent NPE when cache service is disabled (#19703) (#19783)
* Detect truncated utf-8 characters at the end of content as still representing utf-8 (#19773) (#19774)
* Fix doctor pq: syntax error at or near “.” quote user table name (#19765) (#19770)
* Fix bug with assigneees (#19757)
---
Module Name: pkgsrc
Committed By: khorben
Date: Thu Nov 10 21:12:54 UTC 2022
Modified Files:
pkgsrc/www/gitea: distinfo
pkgsrc/www/gitea/patches: patch-Makefile
Log Message:
gitea: use find(1) in a more portable way
Verified on NetBSD, Linux (Debian 10.13), and macOS (all amd64).
No changes to the package observed, so no revision bump.
|
|
www/curl: security fix
Revisions pulled up:
- www/curl/Makefile 1.262
- www/curl/PLIST 1.92
- www/curl/distinfo 1.186
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Oct 26 07:44:01 UTC 2022
Modified Files:
pkgsrc/www/curl: Makefile PLIST distinfo
Log Message:
curl: update to 7.86.0.
Changes:
NPN: remove support for and use of
Websockets: initial support
Bugfixes:
altsvc: reject bad port numbers
altsvc: use 'h3' for h3
amiga: do not hardcode openssl/zlib into the os config
amiga: set SIZEOF_CURL_OFF_T=8 by default
amigaos: add missing curl header
asyn-ares: set hint flags when calling ares_getaddrinfo
autotools: allow --enable-symbol-hiding with windows
autotools: allow unix sockets on Windows
autotools: reduce brute-force when detecting recv/send arg list
aws_sigv4: fix header computation
bearssl: make it proper C89 compliant
CI/GHA: cancel outdated CI runs on new PR changes
CI/GHA: merge msh3 and openssl3 builds into linux workflow
cirrus-ci: add macOS build with m1
cirrus: use make LDFLAGS=-all-static instead of curl_LDFLAGS
cli tool: do not use disabled protocols
cmake: add missing inet_ntop check
cmake: add the check of HAVE_SOCKETPAIR
cmake: define BUILDING_LIBCURL in lib/CMakeLists, not config.h
cmake: delete duplicate HAVE_GETADDRINFO test
cmake: enable more detection on Windows
cmake: fix original MinGW builds
cmake: improve usability of CMake build as a sub-project
cmake: set HAVE_GETADDRINFO_THREADSAFE on Windows
cmake: set HAVE_SOCKADDR_IN6_SIN6_SCOPE_ID on Windows
cmake: sync HAVE_SIGNAL detection with autotools
cmdline/docs: add a required 'multi' keyword for each option
configure: correct the wording when checking grep -E
configure: deprecate builds with small curl_off_t
configure: fail if '--without-ssl' + explicit parameter for an ssl lib
configure: the ngtcp2 option should default to 'no'
connect: change verbose IPv6 address:port to [address]:port
connect: fix builds without AF_INET6
connect: fix Curl_updateconninfo for TRNSPRT_UNIX
connect: fix the wrong error message on connect failures
content_encoding: use writer struct subclasses for different encodings
cookie: reject cookie names or content with TAB characters
ctype: remove all use of <ctype.h>, use our own versions
curl-compilers.m4: for gcc + want warnings, set gnu89 standard
curl-compilers.m4: use -O2 as default optimize for clang
curl-wolfssl.m4: error out if wolfSSL is not usable
curl.h: fix mention of wrong error code in comment
curl/add_file_name_to_url: use the libcurl URL parser
curl/add_parallel_transfers: better error handling
curl/get_url_file_name: use libcurl URL parser
curl: warn for --ssl use, considered insecure
curl_ctype: convert to macros-only
curl_easy_pause.3: unpausing is as fast as possible
curl_escape.3: fix typo
curl_setup: disable use of FLOSS for 64-bit NonStop builds
curl_setup: include curl.h after platform setup headers
curl_setup: include only system.h instead of curl.h
curl_strequal.3: fix argument typo
curl_url_set.3: document CURLU_APPENDQUERY proper
CURLMOPT_PIPELINING.3: dedup manpage xref
CURLOPT_ACCEPT_ENCODING.3: remove "four" as they are five
CURLOPT_AUTOREFERER.3: highlight the privacy leak risk
CURLOPT_COOKIEFILE: insist on "" for enable-without-file
CURLOPT_COOKIELIST.3: fix formatting mistake
CURLOPT_DNS_INTERFACE.3: mention it works for almost all protocols
CURLOPT_MIMEPOST.3: add an (inline) example
CURLOPT_POSTFIELDS.3: refer to CURLOPT_MIMEPOST
CURLOPT_PROXY_SSLCERT_BLOB.3: this is for HTTPS proxies
CURLOPT_WILDCARDMATCH.3: Fix backslash escaping under single quotes
CURLSHOPT_UNLOCKFUNC.3: the callback has no 'access' argument
DEPRECATE.md: Support for systems without 64 bit data types
docs/examples: avoid deprecated options in examples where possible
docs/INSTALL: update Android Instructions for newer NDKs
docs/libcurl/symbols-in-versions: add several missing symbols
docs: 100+ spellfixes
docs: correct missing uppercase in Markdown files
docs: document more server names for test files
docs: fix deprecation versions inconsistencies
docs: make sure libcurl opts examples pass in long arguments
docs: remove mentions of deprecated '--without-openssl' parameter
docs: tag curl options better in man pages
docs: tell about disabled protocols in CURLOPT_*PROTOCOLS_STR.
docs: update sourceforge project links
easy: fix the #include order
easy: fix the altsvc init for curl_easy_duphandle
easy_lock: check for HAVE_STDATOMIC_H as well
examples/chkspeed: improve portability
formdata: fix warning: 'CURLformoption' is promoted to 'int'
ftp: ignore a 550 response to MDTM
ftp: remove redundant if
functypes: provide the recv and send arg and return types
getparameter: return PARAM_MANUAL_REQUESTED for -M even when disabled
GHA: build tests in a separate step from the running of them
GHA: run proselint on markdown files
github: initial CODEOWNERS setup for CI configuration
header: define public API functions as extern c
headers: reset the requests counter at transfer start
hostip: guard PF_INET6 use
hostip: lazily wait to figure out if IPv6 works until needed
http, vauth: always provide Curl_allow_auth_to_host() functionality
http2: make nghttp2 less picky about field whitespace
HTTP3.md: update Caddy example
http: try parsing Retry-After: as a number first
http_proxy: restore the protocol pointer on error
httpput-postfields.c: shorten string for C89 compliance
ldap: delete stray CURL_HAS_MOZILLA_LDAP reference
lib1560: extended to verify detect/reject of unknown schemes
lib517: fix C89 constant signedness
lib: add missing limits.h includes
lib: add required Win32 setup definitions in setup-win32.h
lib: prepare the incoming of additional protocols
lib: sanitize conditional exclusion around MIME
lib: set more flags in config-win32.h
lib: the number four in a sequence is the "fourth"
libssh: if sftp_init fails, don't get the sftp error code
Makefile.m32: deduplicate build rules
Makefile.m32: drop CROSSPREFIX and our CC/AR defaults
Makefile.m32: exclude libs & libpaths for shared mode exes
Makefile.m32: fix regression with tool_hugehelp
Makefile.m32: major rework
Makefile.m32: reintroduce CROSSPREFIX and -W -Wall
Makefile.m32: support more options
manpage-syntax.pl: all libcurl option symbols should be \fI-tagged
manpages: Fix spelling of "allows to" -> "allows one to"
misc: ISSPACE() => ISBLANK()
misc: use the term "null-terminate" consistently
mprintf: reject two kinds of precision for the same argument
mprintf: use snprintf if available
mqtt: return error for too long topic
mqtt: spell out CONNECT in comments
msh3: change the static_assert to make the code C89
netrc: compare user name case sensitively
netrc: replace fgets with Curl_get_line
netrc: use the URL-decoded user
ngtcp2: fix build errors due to changes in ngtcp2 library
ngtcp2: fix C89 compliance nit
noproxy: support proxies specified using cidr notation
openssl: make certinfo available for QUIC
README.md: add GHA status badges for Linux and macOS builds
RELEASE-PROCEDURE.md: mention patch releases
resolve: make forced IPv4 resolve only use A queries
runtests: fix uninitialized value on ignored tests
schannel: ban server ALPN change during recv renegotiation
schannel: don't reset recv/send function pointers on renegotiation
schannel: when importing PFX, disable key persistence
scripts: use `grep -E` instead of `egrep`
setopt: use the handler table for protocol name to number conversions
setopt: when POST is set, reset the 'upload' field
setup-win32: no longer define UNICODE/_UNICODE implicitly
single_transfer: use the libcurl URL parser when appending query parts
smb: replace CURL_WIN32 with WIN32
strcase: add and use Curl_timestrcmp
strerror: improve two URL API error messages
symbol-scan.pl: also check for LIBCURL* symbols
symbol-scan.pl: scan and verify .3 man pages
symbols-in-versions: add missing LIBCURL* symbols
symbols-in-versions: CURLOPT_ENCODING is deprecated since 7.21.6
test1119: scan all public headers
test1275: verify uppercase after period in markdown
test972: verify the output without using external tool
tests/certs/scripts: insert standard curl source headers
tests/Makefile: remove run time stats from ci-test
tests: avoid CreateThread if _beginthreadex is available
tests: fix tag syntax errors in test files
tests: skip mime/form tests when mime is not built-in
tidy-up: delete parallel/unused feature flags
tidy-up: delete unused HAVE_STRUCT_POLLFD
TODO: provide the error body from a CONNECT response
tool: avoid generating ambiguous escaped characters in --libcurl
tool: remove dead code
tool: reorganize function c_escape around a dynbuf
tool_hugehelp: make hugehelp a blank macro when disabled
tool_main: exit at once if out of file descriptors
tool_operate: avoid a few #ifdefs for disabled-libcurl builds
tool_operate: more transfer cleanup after parallel transfer fail
tool_operate: prevent over-queuing in parallel mode
tool_operate: reduce errorbuffer allocs
tool_paramhelp: asserts verify maximum sizes for string loading
tool_paramhelp: make the max argument a 'double'
tool_progress: remove 'Qd' from the parallel progress bar
tool_setopt: use better English in --libcurl source comments
tool_xattr: save the original URL, not the final redirected one
unit test 1655: make it C89-compliant
url: a zero-length userinfo part in the URL is still a (blank) user
url: allow non-HTTPS HSTS-matching for debug builds
url: rename function due to name-clash in Watt-32
url: use IDN decoded names for HSTS checks
urlapi: detect scheme better when not guessing
urlapi: fix parsing URL without slash with CURLU_URLENCODE
urlapi: leaner with fewer allocs
urlapi: reject more bad characters from the host name field
winbuild/MakefileBuild.vc: handle spaces in libssh(2) include paths
winbuild: use NMake batch-rules for compilation
windows: add .rc support to autotools builds
windows: adjust name of two internal public functions
windows: autotools .rc warnings fixup
wolfSSL: fix session management bug.
|
|
www/arcticfox: arm build fix
Revisions pulled up:
- www/arcticfox/Makefile 1.16
---
Module Name: pkgsrc
Committed By: nia
Date: Wed Oct 26 13:55:17 UTC 2022
Modified Files:
pkgsrc/www/arcticfox: Makefile
Log Message:
arcticfox: Use latest versions of config.guess/config.sub from pkgsrc.
Should help armv[6-7] builds, since arcticfox's embedded copy of ICU
still contains versions from 2013 that don't know about NetBSD arm
variants.
|
|
www/ruby-jekyll: critical bugfix
Revisions pulled up:
- www/ruby-jekyll/Makefile 1.43
- www/ruby-jekyll/distinfo 1.28
- www/ruby-jekyll/patches/patch-lib_jekyll_commands_serve.rb 1.1
---
Module Name: pkgsrc
Committed By: taca
Date: Sun Oct 16 04:17:23 UTC 2022
Modified Files:
pkgsrc/www/ruby-jekyll: Makefile distinfo
Added Files:
pkgsrc/www/ruby-jekyll/patches: patch-lib_jekyll_commands_serve.rb
Log Message:
www/ruby-jekyll: fix "jekyll server"
Fix "jekyll server".
* Require ruby-webrick on Ruby 3.0 and lator.
* Explicitly require webrick".
Bump PKGREVISION.
|
|
www/firefox102: security fix
Revisions pulled up:
- www/firefox102-l10n/Makefile 1.6
- www/firefox102-l10n/distinfo 1.5
- www/firefox102/Makefile 1.9
- www/firefox102/distinfo 1.6
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Oct 22 15:59:27 UTC 2022
Modified Files:
pkgsrc/www/firefox102: Makefile distinfo
pkgsrc/www/firefox102-l10n: Makefile distinfo
Log Message:
firefox102: Update to 102.4.0
Security Vulnerabilities fixed in Firefox ESR 102.4
#CVE-2022-42927: Same-origin policy violation could have leaked cross-origin
URLs
#CVE-2022-42928: Memory Corruption in JS Engine
#CVE-2022-42929: Denial of Service via window.print
#CVE-2022-42932: Memory safety bugs fixed in Firefox 106 and Firefox ESR
102.4
|
|
www/webkit-gtk: aarch64 build fix
Revisions pulled up:
- www/webkit-gtk/Makefile 1.239
- www/webkit-gtk/distinfo 1.172
- www/webkit-gtk/patches/patch-Source_cmake_OptionsCommon.cmake 1.7
---
Module Name: pkgsrc
Committed By: nia
Date: Sat Oct 8 11:06:36 UTC 2022
Modified Files:
pkgsrc/www/webkit-gtk: Makefile distinfo
pkgsrc/www/webkit-gtk/patches: patch-Source_cmake_OptionsCommon.cmake
Log Message:
webkit-gtk: Attempt to fix the build on NetBSD 9 aarch64 by avoiding
the compiler builtin __int128_t implementation
related to PR toolchain/57022
|
|
www/drupal9: security fix
Revisions pulled up:
- www/drupal9/Makefile 1.6
- www/drupal9/PLIST 1.4
- www/drupal9/distinfo 1.4
---
Module Name: pkgsrc
Committed By: taca
Date: Thu Oct 6 14:09:50 UTC 2022
Modified Files:
pkgsrc/www/drupal9: Makefile PLIST distinfo
Log Message:
www/drupal9: update to 9.3.22
9.3.21 (2022-08-03)
* Issue #3301495 by lauriii, nod_: Update CKEditor 5 to 35.0.1
* Issue #3300773 by bradjones1, xjm, catch, andypost, Spokje: Fix failed
test on `symfony/http-foundation` 4.4.44/6.1.3 and later
9.3.22 (2022-09-28)
This release fixes security vulnerabilities. Sites are urged to update
immediately after reading the notes below and the security announcement:
* Drupal core - Critical - Multiple vulnerabilities - SA-CORE-2022-016
No other fixes are included.
|
|
ChangeLog: https://github.com/openresty/lua-nginx-module/compare/v0.10.21...v0.10.22
Bump PKGREVISIONs.
|
|
|
|
|
|
ELinks 0.15.1
* about:config
* option --always-load-config #137
* compilation fixes on Windows #140
* added ui.background_char #142
* sample build scripts and docker files
* experimental DGI support
* DOS port based on links code
* configurable Accept-Header #143
* minor compilation fixes
ELinks 0.15.0
* Serbian translation update
ELinks 0.15.0rc2
Released on 2021-12-19
* Serbian translation update
* HOME_ETC
ELinks 0.15.0rc1
* removed -Wno-pointer-sign from CFLAGS
* close stdin before calling a background program (sgerwk)
and options related to it #108, #109, #110, #113
* gemini protocol and text/gemini mime type
* changed rendering of blockquote element
* avoid tmpfile in lua (sgerwk) #115, #118
* console.log in js (mtatton) #93
* localstorage (mtatton) #98
* options document.browse.search.beginning_only
document.browse.search.ignore_history
ui.double_esc
* ui.temperature.* to show temperature of CPU
* document.plain.fixup_tables
* enhanced ecmascript code. Added QuickJS
* Notes on ECMAScript:
requires C++ compiler, sqlite3, libxml++5 >= 5.0.1.GIT
and either mozjs78-dev or QuickJS-2021-03-27
Most sites don't work, some crash. Some workarounds were implemented:
a) ECMAScript is disabled by default
b) ~/.elinks/allow.txt and ~/.elinks/disallow.txt with url prefixes
c) Added toggle-ecmascript action. You can bind it to some key
* other small fixes
|
|
We likely need this anyway since WebKit requires GCC 8 at minimum,
but forcing pkgsrc libgcc to be used (and thus bypassing the one
built with the custom build system in NetBSD that doesn't include
__fixdfti on aarch64) may be a useful workaround for PR toolchain/57022
|
|
|
|
Does not build in any bulk builds since June, dead upstream
Replacement collective.zopeedit could be packaged if someone is interested
|
|
Security Vulnerabilities fixed in Firefox ESR 102.3
#CVE-2022-3266: Out of bounds read when decoding H264
#CVE-2022-40959: Bypassing FeaturePolicy restrictions on transient pages
#CVE-2022-40960: Data-race when parsing non-UTF-8 URLs in threads
#CVE-2022-40958: Bypassing Secure Context restriction for cookies with
__Host and __Secure prefix
#CVE-2022-40956: Content-Security-Policy base-uri bypass
#CVE-2022-40957: Incoherent instruction cache when building WASM on ARM64
#CVE-2022-40962: Memory safety bugs fixed in Firefox 105 and Firefox ESR
102.3
|
|
Add official patches for security fix to CVE-2022-41317 and CVE-2022-41318.
Bump PKGREVISION.
|
|
This update contains fix for CVE-2022-41317 and CVE-2022-41318.
Changes in squid-5.7 (05 Sep 2022):
- Regression Fix: Typo in manager ACL
- Bug 5186: noteDestinationsEnd check failed: transportWait
- Bug 5160: Test suite fails with -flto=auto
- Bug 3193 pt2: NTLM decoder truncating strings
- Bug 5133: OpenSSL 3.0 support
- ext_session_acl: fix TDB key lookup
- forward_max_tries: Do not count discarded connections
- ... and many compile and debugging fixes
|
|
|
|
Fix portability issue while here.
|
|
4.5.1 (2022-09-15)
==================
- Disable unsafe math optimizations in C code.
|
|
v0.5.0
Bump bundled llhttp to 6.0.9
fixes CVE-2022-32213, CVE-2022-32214, CVE-2022-32215
Test and build against Python 3.11
|
|
upstream changes
----------------
Dotclear 2.23.1 - 2022-08-13
===========================================================
* Fix: Adding a new comment was buggy (front/back)
Dotclear 2.23 - 2022-08-13
===========================================================
* PHP 7.4+ is required, PHP 8.0/8.1 compliance
* Remove Iconset management
* Admin UI: Harmonize font size on different support (laptop, tablet, mobile)
* Admin UX: Group more logically buttons on CKEditor toolbar
* Core: New constant DC_DEFAULT_THEME, set to 'berlin'
* Core: Use predefined constants for post statuses (dcBlog::POST_*)
* Core: Use predefined constants for comment statuses (dcBlog::COMMENT_*)
* Core: Deprecated global $core (or $GLOBALS['core']), use dcCore::app() instead
* Core: Deprecated global $_ctx, use dcCore::app()->ctx instead
* Core: Deprecated global $_lang, use dcCore::app()->lang instead
* Core: Deprecated global $mod_files, use dcCore::app()->cache['mod_files'] instead
* Core: Deprecated global $mod_ts, use dcCore::app()->cache['mod_ts'] instead
* Core: Deprecated global $_menu, use dcCore::app()->menu instead
* Core: Deprecated global $__resources, use dcCore::app()->resources instead
* Core: REST server now accepts JSON format (experimental)
* Fix: Use relative URL for attachments as far as possible
* Fix: Remove select hiding mechanism when help is displayed
* Fix: Loading of modules (plugins/themes) in safe mode
* Fix: Message position on Quick entry submit (dashboard)
* Fix: Select appearance on Safari (webkit engine)
* Lib: Update CKEditor to 4.19.1
* Lib: Update Codemirror to 5.65.7
* Various bugs, a11y concerns and typos fixed
* Some locales and cosmetic adjustments
* Warning: Internet Explorer is not more officially supported (may still work weirdly)
|
|
3.149.0 (2022-09-16)
* Feature - Updated Aws::SSO::Client with the latest API changes.
3.148.0 (2022-09-15)
* Feature - Updated Aws::SSO::Client with the latest API changes.
3.147.0 (2022-09-14)
* Feature - Updated Aws::SSO::Client with the latest API changes.
3.146.0 (2022-09-13)
* Feature - Updated Aws::SSO::Client with the latest API changes.
3.145.0 (2022-09-12)
* Feature - Updated Aws::SSO::Client with the latest API changes.
|
|
1.631.0 (2022-09-15)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.630.0 (2022-09-14)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
1.629.0 (2022-09-13)
* Feature - Updated the partitions source data the determines the AWS
service regions and endpoints.
|
|
Changes in release 0.32.4:
* Fix Digest regression in allowing implicit algorithm= (issue #88)
* Fix Digest to safely allow spaces in usernames (without userhash)
* ne_ssl_trust_default_ca() now uses the system's trusted CAs
with GnuTLS where supported (matching behaviour of OpenSSL)
|
|
* Update comment about TCP_INFO on OpenBSD
* [mod_ajp13] fix crash with bad response headers (fixes #3170)
* [core] handle RDHUP when collecting chunked body
* [core] tweak streaming request body to backends
* [core] handle ENOSPC with pwritev() (#3171)
* [core] manually calculate off_t max (fixes #3171)
* [autoconf] force large file support (#3171)
* [multiple] quiet coverity warnings using casts
* [meson] add license keyword to project declaration
|
|
upstream changes:
-----------------
* [9.1.0-beta1] Security: Choose Lookup params per auth module (CVE-2022-31107)
* [9.0.3] Chore: Fix CVE-2020-7753. #51752, @jackw
* [9.0.3] Chore: Fix CVE-2021-3807. #51753, @jackw
* [9.0.3] Chore: Fix CVE-2021-3918. #51745, @jackw
* [9.0.3] Chore: Fix CVE-2021-43138. #51751, @jackw
* [9.0.3] Chore: Fix CVE-2022-0155. #51755, @jackw
* [9.0.3] Security: Fixes for CVE-2022-31107 and CVE-2022-31097
* https://github.com/grafana/grafana/blob/v9.1.5/CHANGELOG.md
|
|
This is required to correctly handle alloca(), which isn't in libc on
this particular variant, and is only handled by the compiler under
the gnu* variants.
|
|
Changes:
2.36.8
======
- Fix jumpy elements when scrolling GitLab and other web sites.
- Fix WebKitWebView:web-process-terminated signal not being emitted
for the first web view when sandboxing is enabled.
- Fix hang when opening HTML <select> elements in GTK4 builds.
- Fix kinetic scrolling with elements that use overflow scrolling.
- Fix several crashes and rendering issues.
|
|
2.19.0 (2022-09-14)
Features
* Allow SVG 1.0 color keyword names in CSS attributes. These colors are
part of the CSS Color Module Level 3 recommendation released 2022-01-18.
[#243]
|
|
1.12.0 (2022-09-16)
* Improve exception message for missing value #131
* :rule_set_exceptions option added #132
|
|
Correct dependency to net/ruby-connection_pool.
Bump PKGREVISION.
|
|
Changes:
1.2
---
* Unset a newly introduced option in libgit2 that do not allow different users
from reading the git repository. This is not a security issue for stagit.
See also the related page:
https://github.blog/2022-04-12-git-security-vulnerability-announced/
* Add a workaround comment in the Makefile for distros or packagers using an
older libgit2 version (Void Linux, Debian, etc).
|
|
functions explicitly.
The patch fixes
<https://gitlab.com/davical-project/davical/-/issues/271>.
|
|
Django 3.2.15 fixes a security issue with severity “high”
CVE-2022-36359: Potential reflected file download vulnerability in FileResponse¶
An application may have been vulnerable to a reflected file download (RFD) attack that sets the Content-Disposition header of a FileResponse when the filename was derived from user-supplied input. The filename is now escaped to avoid this possibility.
|
|
<ChangeLog>
*) Change: increased the applications' startup timeout.
*) Change: disallowed abstract Unix domain socket syntax in non-Linux
systems.
*) Feature: basic statistics API.
*) Feature: customizable access log format.
*) Feature: more HTTP variables support.
*) Feature: forwarded header to replace client address and protocol.
*) Feature: ability to get dynamic variables.
*) Feature: support for abstract Unix sockets.
*) Feature: support for Unix sockets in address matching.
*) Feature: the $dollar variable translates to a literal "$" during
variable substitution.
*) Bugfix: router process could crash if index file didn't contain an
extension.
*) Bugfix: force SCRIPT_NAME in Ruby to always be an empty string.
*) Bugfix: when isolated PID numbers reach the prototype process host
PID, the prototype crashed.
*) Bugfix: the Ruby application process could crash on SIGTERM.
*) Bugfix: the Ruby application process could crash on SIGINT.
*) Bugfix: mutex leak in the C API.
</ChangeLog>
|
|
|
|
Only supports python 2.x, no users in pkgsrc.
|
|
Only supports python 2.x
Newer version in wip; needs updating to latest version.
|
|
|
|
|
|
Changes in release 0.32.3:
* Improvements and fixes to Windows build (Chun-wei Fan)
* Fix finding pkg-config when cross-compiling (Hugh McMaster)
* Fix Digest cnonce entropy sources in non-SSL builds
* Fix cases where Digest usernames were rejected as non-ASCII
* Fix build failures with OpenSSL 1.1 on some platforms
|
|
|
|
Update DEPENDS
Upstream changes:
1.000000 2022-08-17 18:19:05Z
- This module is no longer considered to be beta
- Document that Everywhere can be used with the -M switch (GH#22) (Olaf
Alders)
- Recognise subtype soap+xml (GH#25) (David Precious)
- Drop dependency on URI::Query
|
|
Upstream changes:
1.5 2020-10-06 00:54:06Z
* Added cookie jar capability to non-server usage (Torsten Raudssus)
|
|
Upstream changes:
0.036 2022-01-16 04:11:38Z
- use http rather than https URIs in network tests
0.035 2022-01-15 03:45:06Z
- fix network test that failed due to a broken redirect service
|
|
Upstream changes:
0.18 2022-06-20 16:44:43 PDT
- Support max_redirect: 0 (skaji) #23
|
|
Upstream changes:
Changes for version 6.37 - 2022-06-14
Support for Brotli "br" encoding (GH#163) (trizen and Julien Fiegehenn)
Don't test Perl > 5.32 on Windows in GH Actions (GH#174) (Olaf Alders)
|
|
Upstream changes:
0.014 2022-07-25 09:45:56-04:00 America/New_York
- No changes from 0.013
0.013 2022-07-17 10:13:20-04:00 America/New_York (TRIAL RELEASE)
[FIXED]
- Cookie last access time is updated when a cookie is retrieved; this has
no functional effect but is consistent with RFC 6265.
|
|
Upstream changes:
1.08 Wed 07 Sep 2022
- <frame> and <iframe> are no longer on the list of self-closing tags.
Thanks to Graham Knop for catching this
- Updated packaging
1.07 Thu 01 Sep 2022
- No functional changes
- POD error fix
1.06 Wed 31 Aug 2022
- Updated packaging and package metadata
- Minimum Perl version requirement raised to 5.6
- New shortcut methods for HTML5 tags as well as previously missing tags:
applet article aside audio bdi blink canvas center data datalist details
dialog dir embed figcaption figure font footer header hgroup keygen main
mark marquee menu menuitem meter nav nobr output picture portal progress
rb rp rt rtc ruby s section slot source strike summary template time
track u video wbr xmp
|