path: root/www
Age | Commit message | Author | Files | Lines
2017-02-05 | Update ruby-http to 2.2.0. | tsutsui | 3 | -8/+16
Upstream changes (from CHANGES.md):
## 2.2.0 (2017-02-03)
* [#375](https://github.com/httprb/http/pull/375) Add support for automatic Gzip/Inflate ([@Bonias])
* [#390](https://github.com/httprb/http/pull/390) Add REPORT to the list of valid HTTP verbs ([@ixti])
## 2.1.0 (2016-11-08)
* [#370](https://github.com/httprb/http/issues/370) Add Headers#include? ([@ixti])
* [#364](https://github.com/httprb/http/issues/364) Add HTTP::Response#connection ([@janko-m])
* [#362](https://github.com/httprb/http/issues/362) connect_ssl uses connect_timeout (Closes #359) ([@TiagoCardoso1983])
2017-02-05 | Update ruby-faraday to 0.11.0. | tsutsui | 2 | -7/+7
No upstream changelog.
2017-02-05 | Update ruby-sawyer to 0.8.1. | tsutsui | 2 | -8/+8
No upstream changelog, but a visible change for pkgsrc is "Loosen faraday requirements to allow 0.10 to work."
2017-02-04 | Update to Tomcat 8.0.41. Upstream changelog: | spz | 3 | -15/+12
Tomcat 8.0.41 (violetagg)
Cluster
  Add: Make the accessTimeout configurable in BackupManager. The accessTimeout is used as a timeout period for PING in replication map. (kfujino)
Web applications
  Fix: Ensure the ASF logo image is displayed in host-manager. (violetagg)
not released Tomcat 8.0.40 (violetagg)
Catalina
  Add: 53602: Add HTTP status code 451 (RFC 7725) to the list of HTTP status codes recognised by Tomcat. (markt)
  Fix: 60446: Handle the case where the stored user credential uses a different key length than the length currently configured for the CredentialHandler. Based on a patch by Niklas Holm. (markt)
  Fix: 60351: Delay creating META-INF/war-tracker file until after the WAR has been expanded to address the case where the Tomcat process terminates during the expansion. (markt)
  Fix: Correctly handle the configClass attribute of a Host when embedding Tomcat. (markt)
  Fix: 60379: Dispose of the GSS credential once it is no longer required. Patch provided by Michael Osipov. (markt)
  Fix: 60380: Ensure that a call to HttpServletRequest#logout() triggers a call to TomcatPrincipal#logout(). Based on a patch by Michael Osipov. (markt)
  Fix: 60387: Correct the javadoc for o.a.catalina.AccessLog.setRequestAttributesEnabled. The default value is different for the different implementations. (violetagg)
  Code: 60393: Use consistent parameter naming in implementations of Realm#authenticate(GSSContext, boolean). (markt)
  Fix: 60395: Log when an Authenticator passes an incomplete GSSContext to a Realm since it indicates a bug in the Authenticator. Patch provided by Michael Osipov. (markt)
  Fix: Correctly generate URLs for resources located inside JARs that are themselves located inside a packed WAR file. (markt)
  Fix: 60410: Ensure that multiple calls to JarInputStreamWrapper#close() do not incorrectly trigger the closure of the underlying JAR or WAR file. (markt)
  Fix: 60411: Implement support in the RewriteValve for symbolic names to specify the redirect code to use when returning a redirect response to the user agent. Patch provided by Michael Osipov. (markt)
  Fix: 60413: In the RewriteValve write empty capture groups as the empty string rather than as "null" when generating the re-written URL. Based on a patch by Michael Osipov. (markt)
  Update: Update the warnings that reference required options for running on Java 9 to use the latest syntax for those options. (markt)
  Fix: 60513: Fix thread safety issue with RMI cleanup code. (remm)
Coyote
  Fix: Ensure that the endpoint is able to unlock the acceptor thread during shutdown if the endpoint is configured to listen to any local address of a specific type such as 0.0.0.0 or ::. (markt)
  Fix: Prevent read time out when the file is deleted while serving the response. The issue was observed only with APR Connector and sendfile enabled. (violetagg)
  Fix: Improve the logic that selects an address to use to unlock the Acceptor to take account of platforms that do not listen on all local addresses when configured with an address of 0.0.0.0 or ::. (markt)
  Fix: 60409: When unable to complete sendfile request, ensure the Processor will be added to the cache only once. (markt/violetagg)
Jasper
  Fix: 60431: Improve handling of varargs in UEL expressions. Based on a patch by Ben Wolfe. (markt)
  Fix: 60497: Restore previous tag reuse behavior following the use of try/finally. (remm)
  Fix: Improve the error handling for simple tags to ensure that the tag is released and destroyed once used. (remm)
  Fix: 60497: Follow up fix using a better variable name for the tag reuse flag. (remm)
  Fix: Revert use of try/finally for simple tags. (remm)
Web applications
  Fix: Correct a typo in Host Configuration Reference. Issue reported via comments.apache.org. (violetagg)
  Fix: 60344: Add a note to BUILDING.txt regarding using the source bundle with the correct line endings. (markt)
  Fix: 60412: Add information on the comment syntax for the RewriteValve configuration. (markt)
  Fix: 60467: remove problematic characters from XML documentation. Based upon a patch by Michael Osipov. (schultz)
  Add: In the documentation web application, be explicit that clustering requires a secure network for all of the cluster network traffic. (markt)
  Update: Update the ASF logos to the new versions.
  Fix: 60468: Correct the format of the sample ISO-8601 date used to report the build date for the documentation. Patch provided by Michael Osipov. (markt)
Tribes
  Fix: Reduce the warning logs for a message received from a different domain in order to avoid excessive log outputs. (kfujino)
  Add: Add log message that PING message has received beyond the timeout period. (kfujino)
  Fix: When a PING message that beyond the time-out period has been received, make sure that valid member is added to the map membership. (kfujino)
WebSocket
  Fix: 60437: Avoid possible handshake overflows in the websocket client. (remm)
jdbc-pool
  Add: 58816: Implement the statistics of jdbc-pool. The stats infos are borrowedCount, returnedCount, createdCount, releasedCount, reconnectedCount, releasedIdleCount and removeAbandonedCount. (kfujino)
  Fix: 60194: If validationQuery is not specified, connection validation is done by calling the isValid() method. (kfujino)
  Fix: 60398: Fix testcase of TestSlowQueryReport. (kfujino)
  Add: Enable reset the statistics without restarting the pool. (kfujino)
Other
  Fix: 60366: Change catalina.bat to use directly LOGGING_MANAGER and LOGGING_CONFIG variables in order to configure logging, instead of modifying JAVA_OPTS. Patch provided by Petter Isberg. (violetagg)
  Add: New property is added test.verbose in order to control whether the output of the tests is displayed on the console or not. Patch provided by Emmanuel Bourg. (violetagg)
  Update: Update the ASF logos used in the Apache Tomcat installer for Windows to use the new versions.
  Fix: Spelling corrections provided by Josh Soref. (violetagg)
2017-02-04 | firefox: don't include malloc.h on dragonflybsd. | maya | 1 | -1/+8
a slightly more maintenance friendly version of the patch in PR pkg/51695 from David Shao.
2017-02-04 | Release 4.1.0 (Nov 24, 2016) | adam | 3 | -24/+44
---------------------------
* Add support for Django-1.10
* Drop support for Django-1.7
* Moved Repository from Bitbucket to GitHub
* Moved documentation to https://django-treebeard.readthedocs.io/
* Moved continuous integration to https://travis-ci.org/django-treebeard/django-treebeard
2017-02-04 | firefox: use oss on freebsd and dragonflybsd. | maya | 1 | -1/+5
no pkgrevision bump because it does not build. only part of PR pkg/51695 from David Shao.
2017-02-04 | firefox: fix debug build. don't pass --enable-debug-symbols in debug option. | maya | 1 | -2/+1
as we do it, we create conflicting flags, and configure complains. PR pkg/51927
2017-02-04 | Fix a merge mistake for NetBSD/earm. Noticed by jun@ | ryoon | 2 | -308/+25
2017-02-03 | Updated www/pelican to 3.7.1nb1. | nils | 1 | -6/+7
Pkgsrc changes :
- dependency to www/py-feedgenerator updated to 1.9 (otherwise, pelican does not work) ;
- tabs alignment to make pkglint happy.
2017-02-03 | Updated www/py-feedgenerator to 1.9. | nils | 2 | -8/+8
No upstream changelog available. New homepage for the project (on GitHub).
2017-02-02 | Updated www/pelican to 3.7.1 | nils | 2 | -8/+15
Upstream changes :
3.6.3 to 3.7.0 :
  Atom feeds output <content> in addition to <summary>
  Atom feeds use <published> for the original publication date and <updated> for modifications
  Simplify Atom feed ID generation and support URL fragments
  Produce category feeds with category-specific titles
  RSS feeds now default to summary instead of full content — set RSS_FEED_SUMMARY_ONLY = False to revert to previous behavior
  Replace MD_EXTENSIONS with MARKDOWN setting
  Replace JINJA_EXTENSIONS with more-robust JINJA_ENVIRONMENT setting
  Improve summary truncation logic to handle special characters and tags that span multiple lines, using HTML parser instead of regular expressions
  Include summary when looking for intra-site link substitutions
  Link to authors and index via {author}name and {index} syntax
  Override widget names via LINKS_WIDGET_NAME and SOCIAL_WIDGET_NAME
  Add INDEX_SAVE_AS option to override default index.html value
  Remove PAGES context variable for themes in favor of pages
  SLUG_SUBSTITUTIONS now accepts 3-tuple elements, allowing URL slugs to contain non-alphanumeric characters
  Tag and category slugs can be controlled with greater precision using the TAG_SUBSTITUTIONS and CATEGORY_SUBSTITUTIONS settings
  Author slugs can be controlled with greater precision using the AUTHOR_SUBSTITUTIONS setting
  DEFAULT_DATE can be defined as a string
  Use mtime instead of ctime when DEFAULT_DATE = 'fs'
  Add --fatal=errors|warnings option for use with continuous integration
  When using generator-level caching, ensure previously-cached files are processed instead of just new files
  Add Python and Pelican version information to debug output
  Improve compatibility with Python 3.5
  Comply with and enforce PEP8 guidelines
  Replace tables in settings documentation with data:: directives
3.7.0 to 3.7.1 :
  Fix locale issues in Quickstart script
  Specify encoding for README and CHANGELOG in setup.py
Pkgsrc changes : removed import of pelican in docs generation, which prevented building the package
2017-02-02 | -- Add one more package with BUILD_DEPENDS for make test. | mef | 1 | -1/+2
2017-02-02 | -- Add 4 packages with BUILD_DEPENDS for make test | mef | 1 | -1/+7
2017-02-02 | What's new in 3.4.2 | adam | 3 | -8/+14
Bug Fixes
---------
  Escaped strings in close_frame JS template.
  Fixed a bug with text-transform styles on inputs affecting CMS login
  Fixed a typo in the confirmation message for copying plugins from a different language
  Fixed a bug which prevented certain migrations from running in a multi-db setup.
  Fixed a regression which prevented the Page model from rendering correctly when used in a raw_id_field.
  Fixed a regression which caused the CMS to cache the toolbar when CMS_PAGE_CACHE was set to True and an anonymous user had cms_edit set to True on their session.
  Fixed a regression which prevented users from overriding content in an inherited placeholder.
  Fixed a bug affecting Firefox for Macintosh users, in which use of the Command key later followed by Return would trigger a plugin save.
  Fixed a bug where template inheritance setting creates spurious migration
  Fixed a bug which prevented the page from being marked as dirty (pending changes) when changing the value of the overwrite url field.
  Fixed a bug where the page tree would not update correctly when a sibling page was moved from left to right or right to left.
Improvements and new features
-----------------------------
  Added official support for Django 1.10.
  Rewrote manual installation how-to documentation
  Re-introduced the “Revert to live” menu option.
  Added support for django-reversion >= 2
  Improved the fix-tree command so that it also fixes non-root nodes (pages).
  Introduced placeholder operation signals.
Deprecations
------------
  Removed the deprecated add_url(), edit_url(), move_url(), delete_url(), copy_url() properties of CMSPlugin model.
  Added a deprecation warning to method render_plugin() in class CMSPlugin.
  Deprecated frontend_edit_template attribute of CMSPluginBase.
  The post_ methods in `PlaceholderAdminMixin have been deprecated in favor of placeholder operation signals.
Other changes
-------------
  Adjusted Ajax calls triggered when performing a placeholder operation (add plugin, etc..) to include a GET query called cms_path. This query points to the path where the operation originates from.
  Changed CMSPlugin.get_parent_classes() from method to classmethod.
2017-02-02 | Changes 2.0.8: | adam | 3 | -11/+25
- Setting ``revision.user`` in ``process_response`` for middleware (@etianen).
- Fixing localization of model primary keys in `recover_list.html` (@w4rri0r3k).
- Documentation tweaks
2017-02-02 | Changes 0.8.7: | adam | 3 | -44/+18
Better support for Django 1.10
Updated German and French translations
Add Chinese (traditional), Hungarian and Finnish translations
Remove tests folder from package (again.)
2017-02-01 | Changes 2.0: | adam | 3 | -9/+8
- Added the ``request`` parameter to :meth:`FormPreview.parse_params() <formtools.preview.FormPreview.parse_params>`.
- Added support for Django 1.10.
- Dropped support for Django 1.7 and Python 3.2 on Django 1.8.
2017-02-01 | + py-robobrowser | leot | 1 | -1/+2
2017-02-01 | Import py-robobrowser-0.5.3 as www/robobrowser | leot | 4 | -0/+72
RoboBrowser is a simple, Pythonic library for browsing the web without a standalone web browser. RoboBrowser can fetch a page, click on links and buttons, and fill out and submit forms. If you need to interact with web services that don't have APIs, RoboBrowser can help.
2017-02-01 | Added BUILD_DEPENDS+= lines for make test | mef | 3 | -3/+12
2017-02-01 | update to bozohttpd 20170201. from CHANGES: | mrg | 2 | -7/+7
o fix an infinite loop in cgi processing
o fixes and clean up for the testsuite
o no longer sends encoding header for compressed formats
2017-01-31 | Update www/php-http to 2.6.0. | fhajny | 2 | -8/+7
- Added http\Client\Curl\User interface for userland event loops
- Added http\Url::IGNORE_ERRORS, http\Url::SILENT_ERRORS and http\Url::STDFLAGS
- Added http\Client::setDebug(callable $debug)
- Added http\Client\Curl\FEATURES constants and namespace
- Added http\Client\Curl\VERSIONS constants and namespace
- Added share_cookies and share_ssl (libcurl >= 7.23.0) options to http\Client::configure()
- http\Client uses curl_share handles to properly share cookies and SSL/TLS sessions between requests
- Improved configure checks for default CA bundles
- Improved negotiation precision
- Fixed regression introduced by http\Params::PARSE_RFC5987: negotiation using the params parser would receive param keys without the trailing asterisk, stripped by http\Params::PARSE_RFC5987.
- Fix gh-issue #50: http\Client::dequeue() within http\Client::setDebug() causes segfault
- Fix gh-issue #47: http\Url: Null pointer deref in sanitize_value()
- Fix gh-issue #45: HTTP/2 response message parsing broken with libcurl >= 7.49.1
- Fix gh-issue #43: Joining query with empty original variable in query
- Fix gh-issue #42: fatal error when using punycode in URLs
- Fix gh-issue #41: Use curl_version_info_data.features when initializing options
- Fix gh-issue #40: determine the SSL backend used by curl at runtime
- Fix gh-issue #39: Notice: http\Client::enqueue(): Could not set option proxy_service_name
- Fix gh-issue #38: Persistent curl handles: error code not properly reset
- Fix gh-issue #36: Unexpected cookies sent if persistent_handle_id is used
- Fix gh-issue #34: allow setting multiple headers with the same name
- Fix gh-issue #33: allow setting prodyhost request option to NULL
- Fix gh-issue #31: add/improve configure checks for default CA bundle/path
Changes from beta1:
- Fixed PHP-5.3 compatibility
- Fixed recursive calls to the event loop dispatcher
Changes from beta2:
- Fix bug #73055: crash in http\QueryString (CVE-2016-7398)
- Fix bug #73185: Buffer overflow in HTTP parse_hostinfo() (CVE-2016-7961)
- Fix HTTP/2 version parser for older libcurl versions
2017-01-30 | Changes 3.5.24: | adam | 2 | -7/+7
* SSLv2 records force SslBump bumping despite a matching step2 peek rule.
* Mitigate DoS attacks that use client-initiated SSL/TLS renegotiation.
* Detect HTTP header ACL issue
* Fix some spelling mistakes
* Update External ACL helpers error handling and caching
* Fix "Source and destination overlap in memcpy" Valgrind errors
* Reduce crashes due to unexpected ClientHttpRequest termination.
* Bug 3940 pt2: Make 'cache deny' do what is documented
2017-01-30 | Update to 7.23 | wen | 2 | -7/+7
Upstream changes:
7.23 2017-01-29
- Added max_request_size attribute to Mojolicious.
- Added max_response_size attribute to Mojo::UserAgent.
- Added to_unsafe_string method to Mojo::URL.
- Added -S option to get command.
- Fixed a data corruption problem in Mojo::IOLoop::Stream, caused by a dependency of IO::Socket::SSL on the internal representation of strings, which differs from IO::Socket::IP. (coolo, sri)
2017-01-29 | Update ruby-gnome2 packages to 3.1.1. | tsutsui | 2 | -10/+10
pkgsrc changes:
* add graphics/ruby-gnome2-clutter-gdk
Upstream changes: (from https://github.com/ruby-gnome2/ruby-gnome2/blob/3.1.1/NEWS)
== Ruby-GNOME2 3.1.1: 2017-01-26
=== Changes
==== All
* Improvements
  * Windows: Supported Ruby 2.4.
==== Ruby/GLib2
* Improvements
  * (({GLib::DateTime})): Added. [GitHub#961][GitHub#965] [Patch by cedlemo]
  * (({GLib::TimeZone})): Added. [GitHub#963][Patch by cedlemo]
  * Stopped to show "message", "info" and "debug" level logs by default. You can enable them by (({$DEBUG = true})). [GitHub#981][Reported by PeterWAWood]
  * Windows: Updated bundled PCRE to 8.40.
==== Ruby/GObjectIntrospection
* Improvements
  * Supported outputting (({guint8})) array.
  * Supported converting (({equal})) method to (({==})) method.
  * Supported auto (({Enumerable})) inclusion for classes and modules that have (({each})) method.
==== Ruby/GIO2
* Improvements
  * (({Gio::Settings#initialize})): Added backward compatible API again.
* Fixes
  * Supported GIO 2.38 or earlier again.
==== Ruby/Pango
* Fixes
  * (({Pango::LayoutLine#x_to_index})): Fixed a crash bug.
  * Windows: Updated bundled HarfBuzz to 1.4.1.
  * Windows: Updated bundled ICU to 58.2.
==== Ruby/GdkPixbuf2
* Improvements
  * (({GdkPixbuf::Pixbuf#save_to_buffer})): Supported again but it's deprecated. Use (({GdkPixbuf::Pixbuf#save})) instead.
  * Windows: Updated bundled gdk-pixbuf to 2.36.4.
==== Ruby/GDK3
* Improvements
  * Windows: Updated bundled GTK+ to 3.22.7.
==== Ruby/GTK3
* Improvements
  * (({Gtk::TreeViewColumn#initialize})): Supported option Hash. [GitHub#958][Patch by Detlef Wagner]
  * Updated samples. [Patch by cedlemo]
  * (({Gtk::Dialog#get_widget_for_response_id})): Supported (({Symbol})) as response ID. [GitHub#978][Patch by Detlef Wagner]
  * (({Gtk::Container#add})): Changed to return (({self})) again.
  * Windows: u
==== Ruby/Poppler
* Fixes
  * (({Poppler::IndexIter})): Fixed a crash bug.
  * (({Poppler::IndexIter#child})): Added a missing (({NULL})) check.
  * Fixed types of action classes. They must be (({GLib::Boxed})).
==== Ruby/GStreamer
* Improvements
  * Windows: Updated bundled GStreamer to 1.10.2.
==== Ruby/ClutterGStreamer
* Improvements
  * Windows: Updated bundled Clutter-GStreamer to 3.0.22.
==== Ruby/GtkSourceView3
* Improvements
  * Windows: Updated bundled GtkSourceView to 3.22.2.
==== Ruby/GSF
* Improvements
  * Windows: Updated bundled GSF to 1.14.41.
=== Thanks
* Detlef Wagner
* cedlemo
* PeterWAWood
2017-01-28 | Update to 7.22 | wen | 2 | -7/+7
Upstream changes:
7.22 2017-01-25
- Added ports method to Mojo::Server::Daemon.
- Added remove_tree method to Mojo::File.
- Improved spurt method in Mojo::File with support for writing multiple chunks at once.
7.21 2017-01-21
- Added extract_usage function to Mojo::Util.
- Improve getopt function in Mojo::Util to use @ARGV by default.
2017-01-28 | Update to 0.204004 | wen | 2 | -8/+9
Add missing DEPENDS
Upstream changes:
0.204004 2017-01-26 18:29:34+01:00 Europe/Amsterdam
[ BUG FIXES ]
* GH #1307: Fix breakage of Template::Toolkit, caused by previous release. (Peter SysPete Mottram)
0.204003 2017-01-25 15:21:40-06:00 America/Chicago
[ BUG FIXES ]
* GH #1299: Fix missing CPANTS prereqs (Mohammad S. Anwar)
[ ENHANCEMENTS ]
* GH #1249: Improve consistency with Template::Toolkit, using correct case for 'include_path', 'stop_tag', 'end_tag', and 'start_tag', removing ANYCASE option. (Klaus Ita)
* Call route exception hook before logging an error, allowing devs to raise their own errors before D2 logging takes over. (Andy Beverley)
[ DOCUMENTATION ]
* Add another example of the delayed asynchronous mechanism (Ed @mohawk2 J., Sawyer X)
* GH #1291: Document 'change_session_id' in Dancer2::Core::App. (Peter SysPete Mottram)
* Fix typo in Dancer2::Core::Response (Gregorr Herrmann)
* Document Dancer2::Plugin::RootURIFor (Mario Zieschang)
2017-01-28 | Security update to version 4.7.2. | morr | 2 | -7/+7
Changes:
Version 4.7.2
* Remote code execution (RCE) in PHPMailer – No specific issue appears to affect WordPress or any of the major plugins we investigated but, out of an abundance of caution, we updated PHPMailer in this release. This issue was reported to PHPMailer by Dawid Golunski and Paul Buonopane.
* The REST API exposed user data for all users who had authored a post of a public post type. WordPress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API. Reported by Krogsgard and Chris Jean.
* Cross-site scripting (XSS) via the plugin name or version header on update-core.php. Reported by Dominik Schilling of the WordPress Security Team.
* Cross-site request forgery (CSRF) bypass via uploading a Flash file. Reported by Abdullah Hussam.
* Cross-site scripting (XSS) via theme name fallback. Reported by Mehmet Ince.
* Post via email checks mail.example.com if default settings aren’t changed. Reported by John Blackbourn of the WordPress Security Team.
* A cross-site request forgery (CSRF) was discovered in the accessibility mode of widget editing. Reported by Ronnie Skansing.
* Weak cryptographic security for multisite activation key. Reported by Jack.
Version 4.7.1
* The user interface for assigning taxonomy terms in Press This is shown to users who do not have permissions to use it. Reported by David Herrera of Alley Interactive.
* WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue, but we’ve added hardening to prevent plugins and themes from accidentally causing a vulnerability. Reported by Mo Jangda (batmoo).
* A cross-site scripting (XSS) vulnerability was discovered in the posts list table. Reported by Ian Dunn of the WordPress Security Team.
2017-01-28 | Enable http2 option by default. Bump PKGREVISION | ryoon | 2 | -4/+4
Requested by Jesus Cea on pkgsrc-users@NetBSD.org mailing list.
2017-01-27 | Update to 45.7.0 | ryoon | 2 | -363/+363
* Sync with firefox45-45.7.0
2017-01-27 | Update 45.7.0 | ryoon | 3 | -24/+7
Security fixes:
#CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
#CVE-2017-5376: Use-after-free in XSL
#CVE-2017-5378: Pointer and frame data leakage of Javascript objects
#CVE-2017-5380: Potential use-after-free during DOM manipulations
#CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
#CVE-2017-5396: Use-after-free with Media Decoder
#CVE-2017-5383: Location bar spoofing with unicode characters
#CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
#CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
2017-01-27 | Update to 51.0.1 | ryoon | 2 | -363/+363
* Sync with firefox-51.0.1
2017-01-27 | Update to 51.0.1 | ryoon | 2 | -7/+7
Changelog:
Fixed
  Geolocation not working on Windows (Bug 1333516)
  Multiprocess incompatibility did not correctly register with some add-ons (Bug 1333423)
2017-01-27 | Add a whois option. | roy | 1 | -4/+11
2017-01-27 | bump minimum nss version required, so make update works. | maya | 3 | -7/+18
restore oss build by linking ossaudio (follow same format as alsa).
2017-01-26 | Changes 2.1.0: | adam | 3 | -8/+15
[core] TCP latency optimization
[core] provide tag to include other YAML files from the configuration file
[core] accept sequence of mappings for path-level configuration
[core] fix broken support for TCP Fast Open in OS X
[access-log] provide directive to emit request-level errors
[access-log] emit values of all set-cookie headers concatenated
[fastcgi] fix connection failure when fastcgi.spawn is used with an uid
[file] more pre-defined MIME types
[http2][proxy] recognize link rel=preload headers in interim response as a trigger to push resources
[http1][http2] validate characters used in the headers
[http1][http2] notify error downstream when an error occurred while generating a response
[http1][http2] fix resource leak upon upgrade failure to HTTP/2
[http2] add http2-push-preload directive to turn off H2 push being initiated by link rel=preload header
[http2] add support for cache-digest header
[http2] drop host header in HTTP/2 layer
[http2] don't use etag for calculating casper cookie
[http2] add support for H2 debug state
[mruby] add dos_detector mruby handler
[mruby] add DSL for access control lists (acl)
[mruby] share mruby state and constants between handlers
[mruby] add library for address-block-based access control
[proxy] add an option to connect to upstream using PROXY protocol
[proxy] don't escape : in URI path
[proxy] preserve received URLs as much as possible
[proxy] add an option to prevent emitting x-forwarded-* headers
[proxy] cache TLS session used for upstream connections
[proxy] turn on/off on-the-fly compression based on the x-compress-hint header
[ssl] set add_lock callback to prevent unnecessary lock-add-unlock
[ssl] add support for OpenSSL 1.1.0
[status] collect and report HTTP statistics
[status] report additional stats when jemalloc is used
[throttle] add new handler for throttling the response bandwidth
[libh2o] provide h2o_rand that calls the appropriate random function depending on the OS
[libh2o] do not require use of picohttpparser.h when using the HTTP/1 client
[libh2o] install library files to the correct location
[misc] provide crash-handler directive to customize crash logging
[misc] guess the default location of h2o.conf
[misc] allow to disable libuv even when it is found
[misc] add font/woff2 to the default mime-type mapping
[misc] mark JavaScript and JSON files as compressible by default
2017-01-26 | Changes 1.19.0: | adam | 2 | -7/+7
We fixed memory leak bug which only occurs in server side session. Client side sessions are not affected. This bug was detected by LLVM libFuzzer with HTTP/2 corpus that h2o project uses. Due to the bad code path which nullifies next pointers of linked list in a certain condition, nghttp2_stream object is not going to be freed. We highly encourage to upgrade the existing installation to this latest version.
2017-01-26 | Changes 1.4.0: | adam | 2 | -8/+7
* Renew test key pair
* Fix OpenSSL 1.1.0 deprecation warnings
* spdylay: compile against openssl-1.1.0
  It fails to compile against openssl 1.1.0 due to things like
  |shrpx_client_handler.cc:90:30: error: 'strerror' was not declared in this scope
  |shrpx_listen_handler.cc:112:32: error: 'memset' was not declared in this scope
  |shrpx_listen_handler.cc:114:43: error: 'memcpy' was not declared in this scope
  This resolves it.
* spdycat: Fix leak in SpdySession.reqvec
* Compile with IRIX 6.5.22 using GCC-4.7.4
* Remove CREDENTIAL frame processing completely
  We just left API as is, but related functions just do nothing now.
* Allocate stream ID when spdylay_submit_{syn_stream,request} is called
  This commit allocates stream ID when spdylay_submit_syn_stream and spdylay_submit_request is called. Also create stream when spdylay_session_predicate_syn_stream_send is failed, to provide stream to user callback (e.g., on_ctrl_not_send_callback). Allocating stream ID early ensures that we can create stream because we can catch stream ID exhaustion early and fail fast.
  Since stream ID is allocated serially, we have to send SYN_STREAM in the order they queued. So now all queued syn_stream have the same priority (lowest). The DATA frame has given priority by application. This does not work well with CREDENTIAL frame, since SYN_STREAM may wait for CREDENTIAL, which results in out of order transmission. Since CREDENTIAL frame was deprecated in SPDY/3.1, and no one use it, we remove its functionality in the later commit.
* spdycat: --proxy-port, not --proxyport
* spdycat: Check :host header field for SNI, since Host header is not allowed
* spdycat: Update spdycat --help output for --header
* spdycat: Fix resource leak found by coverity scan
2017-01-25 | Update to 51.0 | ryoon | 3 | -966/+1189
* Sync with firefox-51.0
* Add ka and kab locales
* Remove be locale
2017-01-25 | Update to 51.0 | ryoon | 33 | -498/+518
Changelog:
New
  Users can view passwords in the save password prompt before saving them
  Added a zoom button in the URL bar:
    Displays percent above or below 100 percent when a user has changed the page zoom setting from the default
    Lets users return to the default setting by clicking on the button
  Improved video performance for users without GPU acceleration for less CPU usage and a better full screen experience
  Firefox will save passwords even in forms that do not have “submit” events
  Added support for FLAC (Free Lossless Audio Codec) playback
  Added support for WebGL 2, with advanced graphics rendering features like transform feedback, improved texturing capabilities, and a new sophisticated shading language
  A warning is displayed when a login page does not have a secure connection
  Added Georgian (ka) and Kabyle (kab) locales
  An even faster E10s! Tab Switching is better!
  Improved reliability of browser data sync
  Remove Belarusian (be) locale
Fixed
  Various security fixes
Changed
  Use 2D graphics library (Skia) for content rendering on Linux
  Re-enabled E10s support for Russian (ru) locale
  Updated to NSS 3.28.1
Security fixes:
#CVE-2017-5375: Excessive JIT code allocation allows bypass of ASLR and DEP
#CVE-2017-5376: Use-after-free in XSL
#CVE-2017-5377: Memory corruption with transforms to create gradients in Skia
#CVE-2017-5378: Pointer and frame data leakage of Javascript objects
#CVE-2017-5379: Use-after-free in Web Animations
#CVE-2017-5380: Potential use-after-free during DOM manipulations
#CVE-2017-5390: Insecure communication methods in Developer Tools JSON viewer
#CVE-2017-5389: WebExtensions can install additional add-ons via modified host requests
#CVE-2017-5396: Use-after-free with Media Decoder
#CVE-2017-5381: Certificate Viewer exporting can be used to navigate and save to arbitrary filesystem locations
#CVE-2017-5382: Feed preview can expose privileged content errors and exceptions
#CVE-2017-5383: Location bar spoofing with unicode characters
#CVE-2017-5384: Information disclosure via Proxy Auto-Config (PAC)
#CVE-2017-5385: Data sent in multipart channels ignores referrer-policy response headers
#CVE-2017-5386: WebExtensions can use data: protocol to affect other extensions
#CVE-2017-5394: Android location bar spoofing using fullscreen and JavaScript events
#CVE-2017-5391: Content about: pages can load privileged about: pages
#CVE-2017-5392: Weak references using multiple threads on weak proxy objects lead to unsafe memory usage
#CVE-2017-5393: Remove addons.mozilla.org CDN from whitelist for mozAddonManager
#CVE-2017-5395: Android location bar spoofing during scrolling
#CVE-2017-5387: Disclosure of local file existence through TRACK tag error messages
#CVE-2017-5388: WebRTC can be used to generate a large amount of UDP traffic for DDOS attacks
#CVE-2017-5374: Memory safety bugs fixed in Firefox 51
#CVE-2017-5373: Memory safety bugs fixed in Firefox 51 and Firefox ESR 45.7
2017-01-24 | Fix an insecure connection error with nss 3.28 or later. Bump PKGREVISION | ryoon | 3 | -3/+22
2017-01-24 | Update to 0.27 | wen | 2 | -9/+8
Upstream changes:
0.27: # 2016-10-28T12:59:00+0100
- Unbreak with Elasticsearch 5.0. See https://rt.cpan.org/Public/Bug/Display.html?id=118425
2017-01-22 | Updated p5-libwww to 6.16. | wiz | 2 | -9/+8
6.16 2017-01-12
- Moved LWP::Protocol::GHTTP into its own dist and removed from here (PR#81)
- Updated test suite to use strict/warnings and Test::More (PR#88)
- Additional tests for UserAgent coverage (PR#79)
- Cleaned up documentation formatting and fixed several typos (PR#87, PR#93)
- Stop promoting use of HTTP::Cookies and instead use HTTP::CookieJar::LWP (PR#102)
- Added some new documentation to UserAgent and tutorial (PR#68)
- Allow default header to carry over when using ->post() in UA (PR#100)
2017-01-21 | Recursive revbump from audio/pulseaudio-10.0 | ryoon | 13 | -26/+26
2017-01-21 | Readd `libexec/w3m/w3mimgdisplay' to the PLIST to fix w3m installation built | leot | 1 | -1/+2
with an imagelib option.
2017-01-20 | Update to 11.0.1 | ryoon | 3 | -8/+36
Changelog:
Version 11.0.1 January 16 2017
Changes
Server
  Safari CSPv3 support is sub-par (server/2699)
  Fix legacy DAV endpoint (server/2685)
  Use unmasked permissions in shared scanner (server/2696)
  Do not connect to database before creating it (server/2703)
  Fix todo list activity filter (server/2746)
  Changed anchor in settings page (server/2805)
  Also check in cron for old php version (server/2809)
  Add DAV repair step to fix calendar data (server/2807)
  Only log as info when we can not create a new DB user (server/2750)
  Fix wording for apps mgmt buttons (server/2751)
  Use a form so firefox doesn't try to save the space as a password (server/2804)
  Fix overwriting parameter (server/2825)
  Applied security hardening in SwiftMailer (core/2882)
  Don't set Content-Disposition header if one already exists (server/2949)
  Don't link to the oC forum (server/2988)
  Set redirect_url on 2FA challenge page (server/2981)
  Don't write a certificate bundle if the shipped ca bundle is empty (server/2994)
  Remove group restrictions when those are not allowed anymore (server/2980)
Activity
  Update docs and samples (activity/92)
  Make sure the preview URLs are absolute (activity/91)
User_SAML
  Update SAML library (user_saml/64))
  Make the JS work with sudo mode (user_saml/71))
  Enabled strict mode (user_saml/75))
files_retention
  Delete job if tag not found (files_retention/18)
Also included is a precautionary update for a recent SwiftMailer security issue.
2017-01-20 | Update py-werkzeug{,-docs} to 0.11.15. | kleink | 2 | -7/+7
Version 0.11.15
---------------
Released on December 30th 2016.
- Bugfix for the bugfix in the previous release.
Version 0.11.14
---------------
Released on December 30th 2016.
- Check if platform can fork before importing ``ForkingMixIn``, raise exception when creating ``ForkingWSGIServer`` on such a platform, see PR ``#999``.
Version 0.11.13
---------------
Released on December 26th 2016.
- Correct fix for the reloader issue on certain Windows installations.
Version 0.11.12
---------------
Released on December 26th 2016.
- Fix more bugs in multidicts regarding empty lists. See ``#1000``.
- Add some docstrings to some `EnvironBuilder` properties that were previously unintentionally missing.
- Added a workaround for the reloader on windows.
Version 0.11.11
---------------
Released on August 31st 2016.
- Fix JSONRequestMixin for Python3. See #731
- Fix broken string handling in test client when passing integers. See #852
- Fix a bug in ``parse_options_header`` where an invalid content type starting with comma or semi-colon would result in an invalid return value, see issue ``#995``.
- Fix a bug in multidicts when passing empty lists as values, see issue ``#979``.
- Fix a security issue that allows XSS on the Werkzeug debugger. See ``#1001``.
2017-01-20 | Add py-flask-webpack. | kleink | 1 | -1/+2
2017-01-20 | Import Flask-Webpack-0.1.0 as www/py-flask-webpack. | kleink | 4 | -0/+40
Flask-Webpack ties Webpack and Flask together. It exposes a few global template tags so that you can work with assets in your jinja templates and it works with any wsgi server.