* Sync with www/firefox-55.0.2
|
|
Changelog:
Fixed
Fix a potential issue when the username had some specific characters in the path (Bug 1388584)
Fix an issue with new installation notification for sideload add-ons (Bug 1372448)
Fix performance regressions with WebExtension (Bugs 1386937 & 1389381)
Fix a regression with the popup menu (Bug 1388682)
|
|
pkgsrc change: Drop dependency to php-mysqli.
Quote from release announcement:
The bugfix release fixes several issues including problems with the back end
referer management and the front end preview.
|
|
(Anyone using this package? Last release 2010, no upstream.)
|
|
Bug fix: Handle relative Location headers
|
|
* Bump PKGREVISION
* Fix PR pkg/52487
|
|
This release includes the following bugfixes:
o build: fix 'make install' with configure, install docs/libcurl/* too
o make install: add 8 missing man pages to the installation
o curl: do bounds check using a double comparison [1]
o dist: Add dictserver.py/negtelnetserver.py to release [2]
o digest_sspi: Don't reuse context if the user/passwd has changed [3]
o gitignore: ignore top-level .vs folder [4]
o build: check out *.sln files with Windows line endings [5]
o travis: verify "make install" [6]
o dist: fix the cmake build by shipping cmake_uninstall.cmake.in too [7]
o metalink: fix error: ‘*’ in boolean context, suggest ‘&&’ instead
o configure: use the threaded resolver backend by default if possible [8]
o mkhelp.pl: allow executing this script directly [9]
o maketgz: remove old *.dist files before making the tarball [10]
o openssl: remove CONST_ASN1_BIT_STRING [11]
o openssl: fix "error: this statement may fall through"
o proxy: fix memory leak in case of invalid proxy server name [12]
o curl/system.h: support more architectures (OpenRISC, ARC) [13]
o docs: fix typos [14]
o curl/system.h: add Oracle Solaris Studio [15]
o CURLINFO_TOTAL_TIME: could wrongly return 4200 seconds [16]
o docs: --connect-to clarified
o cmake: allow user to override CMAKE_DEBUG_POSTFIX [17]
o travis: test cmake build on tarball too
o redirect: make it handle absolute redirects to IDN names [18]
o curl/system.h: fix for gcc on PowerPC [19]
o curl --interface: fixed for IPV6 unique local addresses [20]
o cmake: threads detection improvements [21]
|
|
Changelog:
Tomcat 8.0.45 (violetagg)
Catalina
Fix: 61101: CORS filter should set Vary header in response. Submitted by Rick Riemer. (remm)
Add: 61105: Add a new JULI FileHandler configuration for specifying the maximum number of days to keep the log files. (violetagg)
Fix: 61125: Ensure that WarURLConnection returns the correct value for calls to getLastModified() as this is required for the correct detection of JSP modifications when the JSP is packaged in a WAR file. (markt)
Fix: Improve the SSLValve so it is able to handle client certificate headers from Nginx. Based on a patch by Lucas Ventura Carro. (markt)
Fix: 61154: Allow the Manager and Host Manager web applications to start by default when running under a security manager. This was accomplished by adding a custom permission, org.apache.catalina.security.DeployXmlPermission, that permits an application to use a META-INF/context.xml file and then granting that permission to the Manager and Host Manager. (markt)
Fix: 61173: Polish the javadoc for o.a.catalina.startup.Tomcat. Patch provided by peterhansson_se. (violetagg)
Add: A new configuration property crawlerIps is added to the o.a.catalina.valves.CrawlerSessionManagerValve. Using this property one can specify a regular expression that will be used to identify crawlers based on their IP address. Based on a patch provided by Tetradeus. (violetagg)
Fix: 61180: Log a warning message rather than an information message if it takes more than 100ms to initialise a SecureRandom instance for a web application to use to generate session identifiers. Patch provided by Piotr Chlebda. (markt)
Fix: 61185: When an asynchronous request is dispatched via AsyncContext.dispatch() ensure that getRequestURI() for the dispatched request matches that of the original request. (markt)
Fix: 61201: Ensure that the SCRIPT_NAME environment variable for CGI executables is populated in a consistent way regardless of how the CGI servlet is mapped to a request. (markt)
Fix: 61215: Correctly define addConnectorPort and invalidAuthenticationWhenDeny in the mbean-descriptors.xml file for the org.apache.catalina.valves package so that the attributes are accessible via JMX. (markt)
Coyote
Fix: 61086: Explicitly signal an empty request body for HTTP 205 responses. (markt)
Fix: Revert a change introduced in the fix for bug 60718 that changed the status code recorded in the access log when the client dropped the connection from 200 to 500. (markt)
Fix: Make asynchronous error handling more robust. In particular ensure that onError() is called for any registered AsyncListeners after an I/O error on a non-container thread. (markt)
Jasper
Fix: 44787: Improve error message when JSP compiler configuration options are not valid. (markt)
Fix: 61137: j.s.jsp.tagext.TagLibraryInfo#uri and j.s.jsp.tagext.TagLibraryInfo#prefix fields should not be final. Patch provided by Katya Todorova. (violetagg)
WebSocket
Fix: Correct the log message when a MessageHandler for PongMessage does not implement MessageHandler.Whole. (rjung)
Fix: Improve thread-safety of Futures used to report the result of sending WebSocket messages. (markt)
Fix: 61183: Correct a regression in the previous fix for 58624 that could trigger a deadlock depending on the locking strategy employed by the client code. (markt)
Web applications
Fix: Better document the meaning of the trimSpaces option for Jasper. (markt)
Fix: 61150: Configure the Manager and Host-Manager web applications to permit serialization and deserialization of CRSFPreventionFilter related session objects to avoid warning messages and/or stack traces on web application stop and/or start when running under a security manager. (markt)
Other
Add: 45832: Add HTTP DIGEST authentication support to the Catalina Ant tasks used to communicate with the Manager application. (markt)
Fix: 45879: Add the RELEASE-NOTES file to the root of the installation created by the Tomcat installer for Windows to make it easier for users to identify the installed Tomcat version. (markt)
Fix: 61055: Clarify the code comments in the rewrite valve to make clear that there are no plans to provide proxy support for this valve since Tomcat does not have proxy capabilities. (markt)
Fix: 61076: Document the altDDName attribute for the Context element. (markt)
Fix: Correct typo in Jar Scan Filter Configuration Reference. Issue reported via comments.apache.org. (violetagg)
Fix: 61145: Add missing @Documented annotation to annotations in the annotations API. Patch provided by Katya Todorova. (markt)
Fix: 61146: Add missing lookup() method to @EJB annotation in the annotations API. Patch provided by Katya Todorova. (markt)
Fix: Correct typo in Context Container Configuration Reference. Patch provided by Katya Todorova. (violetagg)
|
|
Changelog:
Tomcat 7.0.79 (violetagg)
Catalina
fix 61101: CORS filter should set Vary header in response. Submitted by Rick Riemer. (remm)
add 61105: Add a new JULI FileHandler configuration for specifying the maximum number of days to keep the log files. (violetagg)
fix Improve the SSLValve so it is able to handle client certificate headers from Nginx. Based on a patch by Lucas Ventura Carro. (markt)
fix 61154: Allow the Manager and Host Manager web applications to start by default when running under a security manager. This was accomplished by adding a custom permission, org.apache.catalina.security.DeployXmlPermission, that permits an application to use a META-INF/context.xml file and then granting that permission to the Manager and Host Manager. (markt)
fix 61173: Polish the javadoc for o.a.catalina.startup.Tomcat. Patch provided by peterhansson_se. (violetagg)
add A new configuration property crawlerIps is added to the o.a.catalina.valves.CrawlerSessionManagerValve. Using this property one can specify a regular expression that will be used to identify crawlers based on their IP address. Based on a patch provided by Tetradeus. (violetagg)
fix 61180: Log a warning message rather than an information message if it takes more than 100ms to initialise a SecureRandom instance for a web application to use to generate session identifiers. Patch provided by Piotr Chlebda. (markt)
fix 61185: When an asynchronous request is dispatched via AsyncContext.dispatch() ensure that getRequestURI() for the dispatched request matches that of the original request. (markt)
fix 61201: Ensure that the SCRIPT_NAME environment variable for CGI executables is populated in a consistent way regardless of how the CGI servlet is mapped to a request. (markt)
fix 61215: Correctly define addConnectorPort and invalidAuthenticationWhenDeny in the mbean-descriptors.xml file for the org.apache.catalina.valves package so that the attributes are accessible via JMX. (markt)
Coyote
fix 61086: Explicitly signal an empty request body for HTTP 205 responses. (markt)
fix Revert a change introduced in the fix for bug 60718 that changed the status code recorded in the access log when the client dropped the connection from 200 to 500. (markt)
fix Make asynchronous error handling more robust. In particular ensure that onError() is called for any registered AsyncListeners after an I/O error on a non-container thread. (markt)
Jasper
fix 44787: Improve error message when JSP compiler configuration options are not valid. (markt)
WebSocket
fix Correct the log message when a MessageHandler for PongMessage does not implement MessageHandler.Whole. (rjung)
fix Improve thread-safety of Futures used to report the result of sending WebSocket messages. (markt)
fix 61183: Correct a regression in the previous fix for 58624 that could trigger a deadlock depending on the locking strategy employed by the client code. (markt)
Web applications
fix Better document the meaning of the trimSpaces option for Jasper. (markt)
fix 61150: Configure the Manager and Host-Manager web applications to permit serialization and deserialization of CRSFPreventionFilter related session objects to avoid warning messages and/or stack traces on web application stop and/or start when running under a security manager. (markt)
Tribes
add Add JMX support for Tribes components. (kfujino)
Other
add 45832: Add HTTP DIGEST authentication support to the Catalina Ant tasks used to communicate with the Manager application. (markt)
fix 45879: Add the RELEASE-NOTES file to the root of the installation created by the Tomcat installer for Windows to make it easier for users to identify the installed Tomcat version. (markt)
fix 61076: Document the altDDName attribute for the Context element. (markt)
fix 61145: Add missing @Documented annotation to annotations in the annotations API. Patch provided by Katya Todorova. (markt)
fix 61146: Add missing lookup() method to @EJB annotation in the annotations API. Patch provided by Katya Todorova. (markt)
fix Correct typo in Context Container Configuration Reference. Patch provided by Katya Todorova. (violetagg)
|
|
Changelog:
Tomcat 8.5.20 (markt)
Catalina
Fix: Revert the fix for 49464 since it continued to trigger regressions. (markt)
Fix: Correct a bug in the PushBuilder implementation that meant push URLs containing %nn sequences were not correctly decoded. Identified by FindBugs. (markt)
Add: 61164: Add support for the %X pattern in the AccessLogValve that reports the connection status at the end of the request. Patch provided by Zemian Deng. (markt)
Fix: 61351: Correctly handle %nn decoding of URL patterns in web.xml and similar locations that may legitimately contain characters that are not permitted by RFC 3986. (markt)
Add: 61366: Add a new attribute, localDataSource, to the JDBCStore that allows the Store to be configured to use a DataSource defined by the web application rather than the default of using a globally defined DataSource. Patch provided by Jonathan Horowitz. (markt)
Coyote
Fix: 61086: Ensure to explicitly signal an empty request body for HTTP 205 responses. Additional fix to r1795278. Based on a patch provided by Alexandr Saperov. (violetagg)
Update: 61345: Add a server listener that can be used to do system property replacement from the property source configured in the digester. (remm)
Add: Add additional logging to record problems that occur while waiting for the NIO pollers to stop during the Connector stop process. (markt)
Jasper
Fix: 61364: Ensure that files are closed after detecting encoding of JSPs so that files do not remain locked by the file system. (markt)
WebSocket
Add: 57767: Add support to the WebSocket client for following redirects when attempting to establish a WebSocket connection. Patch provided by J Fernandez. (markt)
2017-07-28 Tomcat 8.5.19 (markt)
Catalina
Fix: Performance improvements for service loader look-ups (and look-ups of other class loader resources) when the web application is deployed in a packed WAR file. (markt)
Fix: 61253: Add warn message when Digester.updateAttributes throws an exception instead of ignoring it. (csutherl)
Fix: Correct a further regression in the fix for 49464 that could cause a byte order mark character to appear at the start of content included by the DefaultServlet. (markt)
Fix: 61313: Make the read timeout configurable in the JNDIRealm and ensure that a read timeout will result in an attempt to fail over to the alternateURL. Based on patches by Peter Maloney and Felix Schumacher. (markt)
Web applications
Fix: Correct the documentation for how StandardRoot is configured. (markt)
Other
Fix: 61316: Fix corruption of UTF-16 encoded source files in released source distributions. (markt)
Tomcat 8.5.18 (markt)
Catalina
Fix: 61232: When log rotation is disabled only one separator will be used when generating the log file name. For example if the prefix is catalina. and the suffix is .log then the log file name will be catalina.log instead of catalina..log. Patch provided by Katya Stoycheva. (violetagg)
Fix: 61264: Correct a regression in the refactoring to use Charset rather than String to store request character encoding that prevented getReader() throwing an UnsupportedEncodingException if the user agent specifies an unsupported character encoding. (markt)
Fix: Correct a regression in the fix for 49464 that could cause an incorrect Content-Length header to be sent by the DefaultServlet if the encoding of a static is not consistent with the encoding of the response. (markt)
Coyote
Fix: Enable TLS connectors to use Java key stores that contain multiple keys where each key has a separate password. Based on a patch by Frank Taffelt. (markt)
Fix: Improve the handling of HTTP/2 stream resets due to excessive headers when a continuation frame is used. (markt)
Jasper
Add: 53031: Add support for the fork option when compiling JSPs with the Jasper Ant task and javac. (markt)
Other
Add: 52791: Add the ability to set the defaults used by the Windows installer from a configuration file. Patch provided by Sandra Madden. (markt)
Tomcat 8.5.17 (markt)
Catalina
Fix: 49464: Improve the Default Servlet's handling of static files when the file encoding is not compatible with the required response encoding. (markt)
Fix: 61214: Remove deleted attribute servlets from the Context MBean description. Patch provided by Alexis Hassler. (markt)
Fix: 61215: Correctly define addConnectorPort and invalidAuthenticationWhenDeny in the mbean-descriptors.xml file for the org.apache.catalina.valves package so that the attributes are accessible via JMX. (markt)
Fix: Make asynchronous error handling more robust. In particular ensure that onError() is called for any registered AsyncListeners after an I/O error on a non-container thread. (markt)
Fix: Additional permission for deleting files is granted to JULI as it is required by FileHandler when running under a Security Manager. The thread that cleans the log files is marked as daemon thread. (violetagg)
Fix: 61229: Correct a regression in 8.5.15 that broke WebDAV handling for resources with names that included a & character. (markt)
Coyote
Fix: Restore the ability to configure support for SSLv3. Enabling this protocol will trigger a warning in the logs since it is known to be insecure. (markt)
Fix: Do not log a warning when a null session is returned for an OpenSSL based TLS session since this is expected when session tickets are enabled. (markt)
Fix: When the access log valve logs a TLS related request attribute and the NIO2 connector is used with OpenSSL, ensure that the TLS attric SSL session access for the APR connector. (remm)
Add: To ease migration from 8.0.x to 8.5.x, if the HTTP or AJP BIO connector is explicitly configured, rather than failing to start the connector because BIO has been removed, automatically switch to tribute searchExternalFirst from the documentation since the attribute is no longer supported. (markt)
2017-06-26 Tomcat 8.5.16 (markt)
Catalina
Fix: 61072: Respect the documentation statements that allow using the platform default secure random for session id generation. (remm)
Fix: Correct the javadoc for o.a.c.connector.CoyoteAdapter#parseSessionCookiesId. Patch provided by John Andrew (XUZHOUWANG) via Github. (violetagg)
Fix: 61101: CORS filter should set Vary header in response. Submitted by Rick Riemer. (remm)
Add: 61105: Add a new JULI FileHandler configuration for specifying the maximum number of days to keep the log files. (violetagg)
Fix: 61125: Ensure that WarURLConnection returns the correct value for calls to getLastModified() as this is required for the correct detection of JSP modifications when the JSP is packaged in a WAR file. (markt)
Fix: Improve the SSLValve so it is able to handle client certificate headers from Nginx. Based on a patch by Lucas Ventura Carro. (markt)
Fix: 61134: Do not use '[' and ']' symbols around substituted text fragments when generating the default error pages. Patch provided by Katya Todorova. (violetagg)
Fix: 61154: Allow the Manager and Host Manager web applications to start by default when running under a security manager. This was accomplished by adding a custom permission, org.apache.catalina.security.DeployXmlPermission, that permits an application to use a META-INF/context.xml file and then granting that permission to the Manager and Host Manager. (markt)
Fix: 61173: Polish the javadoc for o.a.catalina.startup.Tomcat. Patch provided by peterhansson_se. (violetagg)
Add: A new configuration property crawlerIps is added to the o.a.catalina.valves.CrawlerSessionManagerValve. Using this property one can specify a regular expression that will be used to identify crawlers based on their IP address. Based on a patch provided by Tetradeus. (violetagg)
Fix: 61180: Log a warning message rather than an information message if it takes more than 100ms to initialise a SecureRandom instance for a web application to use to generate session identifiers. Patch provided by Piotr Chlebda. (markt)
Fix: 61185: When an asynchronous request is dispatched via AsyncContext.dispatch() ensure that getRequestURI() for the dispatched request matches that of the original request. (markt)
Fix: 61197: Ensure that the charset name used in the Content-Type header has exactly the same form as that provided by the application. This reverts a behavioural change in 8.5.15 that caused problems for some clients. (markt)
Fix: 61201: Ensure that the SCRIPT_NAME environment variable for CGI executables is populated in a consistent way regardless of how the CGI servlet is mapped to a request. (markt)
Coyote
Fix: 61086: Explicitly signal an empty request body for HTTP 205 responses. (markt)
Fix: 61120: Do not ignore path parameters when processing HTTP/2 requests. (markt)
Fix: Revert a change introduced in the fix for bug 60718 that changed the status code recorded in the access log when the client dropped the connection from 200 to 500. (markt)
Fix: Add additional syncs to the SSL session object provided by the OpenSSL engine so that a concurrent destruction cannot cause a JVM crash. (remm)
Fix: 61195: Backport, with deprecation where appropriate, the endpoint and protocol property changes from 9.0.x to ease migration from 8.5.x to 9.0.x. (markt)
Jasper
Fix: 44787: Improve error message when JSP compiler configuration options are not valid. (markt)
Fix: 61137: j.s.jsp.tagext.TagLibraryInfo#uri and j.s.jsp.tagext.TagLibraryInfo#prefix fields should not be final. Patch provided by Katya Todorova. (violetagg)
WebSocket
Fix: Correct the log message when a MessageHandler for PongMessage does not implement MessageHandler.Whole. (rjung)
Add: Introduce new API o.a.tomcat.websocket.WsSession#suspend/ o.a.tomcat.websocket.WsSession#resume that can be used to suspend/resume reading of the incoming messages. (violetagg)
Fix: Improve thread-safety of Futures used to report the result of sending WebSocket messages. (markt)
Fix: 61183: Correct a regression in the previous fix for 58624 that could trigger a deadlock depending on the locking strategy employed by the client code. (markt)
Web applications
Fix: Better document the meaning of the trimSpaces option for Jasper. (markt)
Fix: 61150: Configure the Manager and Host-Manager web applications to permit serialization and deserialization of CRSFPreventionFilter related session objects to avoid warning messages and/or stack traces on web application stop and/or start when running under a security manager. (markt)
Fix: Correct the TLS configuration documentation to remove SSLv2 and SSLv3 from the list of supported protocols. (markt)
Tribes
Add: Add JMX support for Tribes components. (kfujino)
Other
Add: 45832: Add HTTP DIGEST authentication support to the Catalina Ant tasks used to communicate with the Manager application. (markt)
Fix: 45879: Add the RELEASE-NOTES file to the root of the installation created by the Tomcat installer for Windows to make it easier for users to identify the installed Tomcat version. (markt)
Fix: 61055: Clarify the code comments in the rewrite valve to make clear that there are no plans to provide proxy support for this valve since Tomcat does not have proxy capabilities. (markt)
Fix: 61076: Document the altDDName attribute for the Context element. (markt)
Fix: Correct typo in Jar Scan Filter Configuration Reference. Issue reported via comments.apache.org. (violetagg)
Fix: 61145: Add missing @Documented annotation to annotations in the annotations API. Patch provided by Katya Todorova. (markt)
Fix: 61146: Add missing lookup() method to @EJB annotation in the annotations API. Patch provided by Katya Todorova. (markt)
Fix: Correct typo in Context Container Configuration Reference. Patch provided by Katya Todorova. (violetagg)
|
|
2.6 (2017-08-08)
++++++++++++++++
- Allows generation of IDNA and UTS 46 table data for different
versions of Unicode, by deriving properties directly from
Unicode data.
- Ability to generate RFC 5892/IANA-style table data
- Diagnostic output of IDNA-related Unicode properties and
derived calculations for a given codepoint
- Support for idna.__version__ to report version
- Support for idna.idnadata.__version__ and
idna.uts46data.__version__ to report Unicode version of
underlying IDNA and UTS 46 data respectively.
|
|
1.86 2017-07-04 15:48:46Z
[FIXED]
- use 127.0.0.1 instead of 'localhost' in a test script to avoid the test
hanging due to ipv6 issues (GH#31, see also changes in 1.85)
|
|
6.04 2017-08-03 15:05:22Z
- Fix package version numbers
|
|
The PLIST lists "siegerc" and "urls.txt" under two different
locations under ${PREFIX}/share/examples/siege, but stage-install
only installs them into one of those locations. Remove the other
paths.
|
|
* Sync with www/firefox-55.0.1
|
|
Changelog:
Fixed
Fix a regression in the tab restoration process (bug 1388160)
Fix a problem causing What's new pages not to be displayed (bug 1386224)
Fix a rendering issue with some PKCS#11 libraries (bug 1388370)
Disable the predictor prefetch (bug 1388160)
|
|
Changelog:
Version 10.0.2 May 30 2017
[major] Fix issue with database.xml migration being triggered twice on market app install - core/#27982
[major] Apps formerly marked as shipped can now be uninstalled - core/#27985
[major] Market now properly updates app version when using multiple apps paths - core/#28002
Version 10.0.1 May 23 2017
[major] Clear cached app info before installing app - core/#27953
[major] Fix to allow admin login when using home object store mode - core/#27963
[major] Skeleton files correctly copied for shibboleth - core/#27935
[major] Automatically enable market app when upgrading from OC < 10 - core/#27930
[major] Fix issue where market would run app migrations twice in some scenarios - market/#76
[major] Fetch search terms from user backend (ex: LDAP) for more extended user search ability - core/#27906
[major] Added support for upload-only link shares - core/#27548
[major] When enabling default encryption module the admin must now explicitly choose encryption type (master key vs user key) - core/#27512
[major] Fix missing "publicuri" field when upgrading from 9.1.5 - core/#27754
[major] Add options to the user:sync command to handle missing accounts - core/#27798
[major] Maintenance mode now properly blocks syncing on new DAV endpoint - core/#27821
[major] Copy button for multiple link share now copies the correct link - core/#27863
[major] Fix upload issues with IE11 - core/#27875
[major] Allow apps to register multiple settings panels - core/#27885
[major] Account table doesn't sync from user backends that have no listing support - core/#27862
[major] Add events for password validation - core/#27883
[major] Add JS event after external storage mount config is loaded, for UI extensions - core/#27740
[major] Fix theming of setup page by autoloading default_enable theme apps - core/#27819
[major] Allow apps to register custom settings page sections in info.xml - core/#27634
[major] Add admin sharing option to restrict autocomplete to membership groups but still allow typing full name if known - core/#27869
[minor] Market app update now doesn't overwrite local git checkouts - core/#27973
[minor] Delete "appstoreenabled" config value when enabling market - core/#27956
[minor] Do not verify email address when entered by an admin on their personal page - core/#27921
[minor] Fix default share permission issue in public API core/#27927
[minor] Properly rethrow exception when error occurred when enabling an app - core/#27970
[minor] Remove own shares from "Shared with you" section - core/#27972
[minor] Fix updating to daily from 10.0.0 with web updater - updater/#422
[minor] Fix updating to 10.0.1 with web updater - core/#27965
[minor] Removed unused and non-working auto-login after setup - core/#27971
[minor] Fix SMB storage to return false if stat failed - core/#27859
[minor] Update swiftmailer - core/#27897
[minor] Escape filter in search - core/#27900
[minor] Fix file name output in error pages - core/#27808
[minor] Support for alternative login buttons through config.php - core/#27607
[minor] Example theme app renamed to "theme-example" by convention - core/#27632
[minor] Fix missing translation of built-in section names - core/#27645
[minor] Add ability to disable password reset form in config - core/#27676
[minor] Add support for themed radio buttons - core/#27681
[minor] Fix customjs extension handling for external storage apps - core/#27683
[minor] Fix upgrade error with mod_fcgid and PHP 7 - core/#27553
[minor] Remove sharing subtab when link sharing is disallowed - core/#27708
[minor] Add privacy warning in link shares panel - core/#27844
[minor] Fix files app name in navigation menu - core/#27843
[minor] Fix mimetype table code to ignore folder extensions - core/#27668
[minor] Automatically focus the password field in password reset page - core/#27889
[minor] Trashbin restore warnings due to missing entries now logged as debug - core/#27826
[minor] Remove obsolete repair step RemoveOldShares - core/#27737
[minor] "local link" was renamed to "private link" - core/#27594
[minor] Fix column sorting in public file list page - core/#27308
[minor] Don't display error when not connected to market - market/#51
[minor] Fix issue with some apps info formats - market/#49
[minor] Add ability to uninstall apps in market app UI - market/#67
[minor] Improve visual feedback when installing market apps - market/#64
[minor] Don't display license key in config report - configreport/#27
Version 10.0.0 Apr 27 2017
General
Allows users to add the app to the Android homescreen - core/#25438
Compatible with PHP 7.1 - core/#25436
MySQL 4-byte UTF8 support: (utf8mb4 for e.g. Emoticons) - core/#17978
Admin, personal pages and app management are now merged together into a single "Settings" entry - core/#26449
Admin page displays the output of the server's status.php - core/#27238
Also allow using email address for password recovery - core/#27168
Support Redis Cluster - core/#26407
ownCloud log entry reorder - core/#27562
ownCloud log file rules to split into separate files - core/#27443
occ scanner optimized memory usage for large scans by using autocommits - core/#27527
Filesystem
Ability to exclude folders from being processed, like snapshot folders - core/#19235
Checksum is computed on the fly and verified - core/#26655
Files App
Share Link can be copied to the clipboard - core/#25418
Display version sizes in versions panel - core/#26511
Transfer ownership now works for individual folders - core/#27343
Favorite star indicator now visible in the file lists related to sharing (ex: "Shared with you") - core/#19753
User management
Ability to disable users in the users page (enable column first under cog icon) - core/#27333
When changing personal email, an email confirmation is now sent - core/#7326
When password is changed through any means, the user will now receive an email - core/#27498
Change user preferences through OCC - core/#24770
External storage
"Local" storage type can now be disabled by sysadmin in config.php - core/#26653
External storage backends must use the core external storage API to work without files_external - core/#18160
FTP external storage moved to a separate app files_external_ftp
Dav App
CalDAV calendar public sharing - core/#2ultiple link shares - core/#27337
When a recipient moves a file or folder out of a received share, the owner now receives a backup in their trashbin - core/#27042
User avatars now visible in sharing autocomplete dropdown - core/#25976
Minor chang7473
provisioning API now also returns the user's home path - core/#26850
web updater shows link to changelog in admin page - core/#26796
For developers
Users from all user backends are now stored in a central account table, improves perform Added first login event - core/#26206
Added postLogout hook - core/#27048
New column in oc_jobs table to store last duration - core/#27144
Ability to specify offset and limit when doing a REPORT query on a files endpoint - core/#26507
Avatar API via WebDAV - core/#26872
Improve return value support for two factor auth providers API - core/#26593
Apps can now register Sabre plugins in info.xml - core/#26195
REPORT method for files endpoint now allows searching for favorites - core/#26099
Group backends can now return group display names (partial support, only used by sharing autocomplete) - core/#26750
|
|
Changelog:
Changes
Server
Over 100 fixes were merged in the server.
Update broken on PGSQL
Add brackets around concat statements so comparing the result works a…
Can't close PDF preview
Add a repair step to drop the account_terms table on oc migration
[stable12] Fix show password button for password change
[stable12] Enable postgres on drone again
fix overlay on show password
[stable12] Add new bundle
[stable12] proper logo height in emails for Outlook
scan.nextcloud.com causing exception in theming?
Long running php processes: LDAP timeout
X-XSS-Protection header invalid (NextCloud 12.0.0.29)
[stable12] Fix for mb strlen
[stable12] Fix error message on untrusted domain error page
[12] Fix renaming of non-renamable mounts
[12] Also repair storage id's when repairing invalid entries
[12] still remove the federated share even if we can't notify the remote
[stable12] Show warning if PHP 7.2 is used
[stable12] fix preview for public links
[stable12] Fix config.sample.php documentation
[stable12] Add recovery key on public upload
[stable12] Backport translation fixes
[stable12] Enable acceptance tests again on Drone 0.7
[stable12] Backport allow to theme emails
[stable 12] Add ellipsis for app titles in the app menu popover
[stable12] Fix emitting of legacy hook post_unshare
[stable12] Allow overwriting of IOS theming values
Update 3rdparty for "Fix infinite propfinds reporting files as direct…
[12] Fix invalid path repair step not getting all invalid entries
[stable12] Add test to check if new files are added to the root of the repository
[12] null users don't exist
[12] Fix scan permissions with nested permissions masks
[12] fix moving folders out of a cache jail
Moving shared folders doesn't work as expected
Write cert bundle to tmp file first
[12] properly block file upload to non-active filelist
nc beta 4 internal server error due to totp backup codes
[12] Fix propagating changes within jail wrapper
[12] don't die if we try to access the shared cache while setting up the shared storage
hint should not be clickable
Check if Circles is still here
[stable12] Allow dir-listing also when one child is blocked by access control
[stable12] Fix unselecting items on multi select dropdowns
[stable12] Fix remote share activity emails
[stable12] fix alignment of radio button and its label in encryption settings
Remote share emails don't show what's shared.
[stable12] Ldap password renewal fixes for NC12
[stable12] Use PNG icons for activity emails and ios client
[stable12] Use the share_folder config for remote shares
[stable12] Don't load navigation entries of restricted apps
[stable12] Don't try to generate logs for chunking paths
[stable12] Don't log passwords on dav exceptions
Use translated Hint instead of english error on password policy
[stable12] Add info text about updates
[stable12] Use base url for cache prefix and SCSS caching
[stable12] Enhance the logging if the part file can not be renamed
[stable12] Improved logging for object storage and trashbin
[stable12] Fix more icon in apps menu on bright backgrounds
[stable12] Use realpath to obtain the webroot
[stable12] Don't create activities for email and password change before login
[stable12] Allow to force a language and set it via the ocs api
[stable12] Create users in non default backends first
Progress bar message completely wrong with multi-GB file upload
[stable12] Fix example theme
[stable12] Don't try to save the setting when it's not an admin
Update layout.user.php
Fix upload remaining time and uploadrate value
[stable12] App menu fixes
[stable12] Allow to find local users by their email address
[stable12] Treat PHP Errors on User session regenerate
[stable12] Ldap attempt reconnect stable12
[stable12] allow users to send PropPatch request when calendar is group-shared with them
[stable12] urldecode group principals in Cal- and CardDAV backend
[stable12] Use the guest.css for the maintenance page as well
[stable12] Fixed a crash caused by Local::copyFromStorage() not conforming to Co…
[stable12] Make file name input tooltip error text change
Translate OAuth2 in stable12
[stable12] Localize contacts menu search input placeholder
[stable12] Prevent sending second WWW-Authenticate header
[stable12] don't try to encrypt/decrypt the certificate bundle
[stable12] allow PropPatch requests to contact_birthdays
[stable12] Fix username and avatar for external users
[stable12] Fix tag label removed when share view is opened
[stable12] Fix unknown share token error message
[stable12] no themed icon when dragging folder
[stable12] Add quota to the files view
"Unspecified share exception" instead of proper 404 page on unknown public share tokens
[stable12] fix "add to your nextcloud" input field
[stable12] Revert "allow admin to disable groups on personal page"
Bearer auth backend causes problems with several dav clients
[stable12] filter missing groups in share provider
[stable12] use the email address configured in Nextcloud as sender instead of the users email address
[stable12] execute eval in global scope, addresses #5314
[stable12] l10n improvements from transifex
Activity
[stable12] Fix mimetype icon of deleted folders
[stable12] Use PNG icons for emails and ios client
[stable12] Ignore paths from chunking
Notifications
Allow to expand the message on click...
text editor
[stable12] Use text editor endpoint for previews
[stable12] Use CRLF line ending by default for better compatibility
Gallery
Fix link when opening from files
[stable12] Do not use probably outdated core translations
Fix the translation source
[stable12] Fix logged error if file ID is not available
[stable12] Merge JS for public pages
PDF viewer
missing context dir
Fix z index for small screen sizes
|
|
* Sync with www/firefox-55.0
* Add be locale
|
|
Changelog:
New
Launched Windows support for WebVR, bringing immersive experiences to the web. See examples and try working demos at Mozilla VR.
Added options that let users optimize recent performance improvements
Setting to enable Hardware VP9 acceleration on Windows 10 Anniversary Edition for better battery life and lower CPU usage while watching videos
Setting to modify the number of concurrent content processes for faster page loading and more responsive tab switching
Simplified installation process with a streamlined Windows stub installer
Firefox for Windows 64-bit is now installed by default on 64-bit systems with at least 2GB of RAM
Full installers with advanced installation options are still available
Improved address bar functionality
Search with any installed one-click search engine directly from the address bar
Search suggestions appear by default
When entering a hostname (like pinterest.com) in the URL bar, Firefox resolves to the secure version of the site (https://www.pinterest.com) instead of the insecure version (http://www.pinterest.com) when possible
Updated Sidebar for bookmarks, history, and synced tabs so it can appear at the right edge of the window as well as the left
Added support for stereo microphones with WebRTC
Pages can be simplified before printing from within Print Preview
Updated Firefox for OSX and macOS to allow users to assign custom keyboard shortcuts to Firefox menu items via System Preferences
Browsing sessions with a high number of tabs are now restored in an instant
Make screenshots of webpages, and save them locally or upload them to the cloud. This feature will undergo A/B testing and will not be visible for some users.
Added Belarusian (be) locale
Fixed
Various security fixes
Changed
Made the Adobe Flash plugin click-to-activate by default and allowed only on http:// and https:// URL schemes. (This change will not be visible to all users immediately. For more information see the Firefox plugin roadmap)
Firefox does not support downgrades, even though this may have worked in past versions. Users who install Firefox 55+ and later downgrade to an earlier version may experience issues with Firefox.
Modernized application update UI to be less intrusive and more aligned with the rest of the browser. Only users who have not restarted their browser 8 days after downloading an update or users who opted out of automatic updates will see this change.
Security fixes:
CVE-2017-7798: XUL injection in the style editor in devtools
Reporter
Frederik Braun
Impact
critical
Description
The Developer Tools feature suffers from a XUL injection vulnerability due to improper sanitization of the web page source code. In the worst case, this could allow arbitrary code execution when opening a malicious page with the style editor tool.
References
Bug 1371586, 1372112
CVE-2017-7800: Use-after-free in WebSockets during disconnection
Reporter
Looben Yang
Impact
critical
Description
A use-after-free vulnerability can occur in WebSockets when the object holding the connection is freed before the disconnection operation is finished. This results in an exploitable crash.
References
Bug 1374047
CVE-2017-7801: Use-after-free with marquee during window resizing
Reporter
Nils
Impact
critical
Description
A use-after-free vulnerability can occur while re-computing layout for a marquee element during window resizing where the updated style object is freed while still in use. This results in a potentially exploitable crash.
References
Bug 1371259
CVE-2017-7809: Use-after-free while deleting attached editor DOM node
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when an editor DOM node is deleted prematurely during tree traversal while still bound to the document. This results in a potentially exploitable crash.
References
Bug 1380284
CVE-2017-7784: Use-after-free with image observers
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when reading an image observer during frame reconstruction after the observer has been freed. This results in a potentially exploitable crash.
References
Bug 1376087
CVE-2017-7802: Use-after-free resizing image elements
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when manipulating the DOM during the resize event of an image element. If these elements have been freed due to a lack of strong references, a potentially exploitable crash may occur when the freed elements are accessed.
References
Bug 1378147
CVE-2017-7785: Buffer overflow manipulating ARIA attributes in DOM
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when manipulating Accessible Rich Internet Applications (ARIA) attributes within the DOM. This results in a potentially exploitable crash.
References
Bug 1356985
CVE-2017-7786: Buffer overflow while painting non-displayable SVG
Reporter
Nils
Impact
high
Description
A buffer overflow can occur when the image renderer attempts to paint non-displayable SVG elements. This results in a potentially exploitable crash.
References
Bug 1365189
CVE-2017-7806: Use-after-free in layer manager with SVG
Reporter
Nils
Impact
high
Description
A use-after-free vulnerability can occur when the layer manager is freed too early when rendering specific SVG content, resulting in a potentially exploitable crash.
References
Bug 1378113
CVE-2017-7753: Out-of-bounds read with cached style data and pseudo-elements
Reporter
SkyLined
Impact
high
Description
An out-of-bounds read occurs when applying style rules to pseudo-elements, such as ::first-line, using cached style data.
References
Bug 1353312
CVE-2017-7787: Same-origin policy bypass with iframes through page reloads
Reporter
Oliver Wagner
Impact
high
Description
Same-origin policy protections can be bypassed on pages with embedded iframes during page reloads, allowing the iframes to access content on the top level page, leading to information disclosure.
References
Bug 1322896
CVE-2017-7807: Domain hijacking through AppCache fallback
Reporter
Mathias Karlsson
Impact
high
Description
A mechanism that uses AppCache to hijack a URL in a domain using fallback by serving the files from a sub-path on the domain. This has been addressed by requiring fallback files be inside the manifest directory.
References
Bug 1376459
CVE-2017-7792: Buffer overflow viewing certificates with an extremely long OID
Reporter
Fraser Tweedale
Impact
high
Description
A buffer overflow will occur when viewing a certificate in the certificate manager if the certificate has an extremely long object identifier (OID). This results in a potentially exploitable crash.
References
Bug 1368652
CVE-2017-7804: Memory protection bypass through WindowsDllDetourPatcher
Reporter
Stephen Fewer
Impact
high
Description
The destructor function for the WindowsDllDetourPatcher class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1372849
CVE-2017-7791: Spoofing following page navigation with data: protocol and modal alerts
Reporter
Jose María Acuña
Impact
moderate
Description
On pages containing an iframe, the data: protocol can be used to create a modal alert that will render over arbitrary domains following page navigation, spoofing of the origin of the modal alert from the iframe content.
References
Bug 1365875
CVE-2017-7808: CSP information leak with frame-ancestors containing paths
Reporter
Jun Kokatsu
Impact
moderate
Description
A content security policy (CSP) frame-ancestors directive containing origins with paths allows for comparisons against those paths instead of the origin. This results in a cross-origin information leak of this path information.
References
Bug 1367531
CVE-2017-7782: WindowsDllDetourPatcher allocates memory without DEP protections
Reporter
Arthur Edelstein
Impact
moderate
Description
An error in the WindowsDllDetourPatcher where a RWX ("Read/Write/Execute") 4k block is allocated but never protected, violating DEP protections.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1344034
CVE-2017-7781: Elliptic curve point addition error when using mixed Jacobian-affine coordinates
Reporter
Antonio Sanso
Impact
moderate
Description
An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates where it can yield a result POINT_AT_INFINITY when it should not. A man-in-the-middle attacker could use this to interfere with a connection, resulting in an attacked party computing an incorrect shared secret.
References
Bug 1352039
CVE-2017-7794: Linux file truncation via sandbox broker
Reporter
Jann Horn
Impact
moderate
Description
On Linux systems, if the content process is compromised, the sandbox broker will allow files to be truncated even though the sandbox explicitly only has read access to the local file system and no write permissions.
Note: This attack only affects the Linux operating system. Other operating systems are not affected.
References
Bug 1374281
CVE-2017-7803: CSP containing 'sandbox' improperly applied
Reporter
Rhys Enniks
Impact
moderate
Description
When a page’s content security policy (CSP) header contains a sandbox directive, other directives are ignored. This results in the incorrect enforcement of CSP.
References
Bug 1377426
CVE-2017-7799: Self-XSS XUL injection in about:webrtc
Reporter
Frederik Braun
Impact
moderate
Description
JavaScript in the about:webrtc page is not sanitized properly before being assigned to innerHTML. Data on this page is supplied by WebRTC usage and is not under third-party control, making this difficult to exploit, but the vulnerability could possibly be used for a cross-site scripting (XSS) attack.
References
Bug 1372509
CVE-2017-7783: DOS attack through long username in URL
Reporter
Amit Sangra
Impact
low
Description
If a long user name is used in a username/password combination in a site URL (such as http://UserName:Password@example.com), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service.
References
Bug 1360842
CVE-2017-7788: Sandboxed about:srcdoc iframes do not inherit CSP directives
Reporter
Muneaki Nishimura
Impact
low
Description
When an iframe has a sandbox attribute and its content is specified using srcdoc, that content does not inherit the containing page's Content Security Policy (CSP) as it should unless the sandbox attribute included allow-same-origin.
References
Bug 1073952
CVE-2017-7789: Failure to enable HSTS when two STS headers are sent for a connection
Reporter
Muneaki Nishimura
Impact
low
Description
If a server sends two Strict-Transport-Security (STS) headers for a single connection, they will be rejected as invalid and HTTP Strict Transport Security (HSTS) will not be enabled for the connection.
References
Bug 1074642
CVE-2017-7790: Windows crash reporter reads extra memory for some non-null-terminated registry values
Reporter
Xiaoyin Liu
Impact
low
Description
On Windows systems, if non-null-terminated strings are copied into the crash reporter for some specific registry keys, stack memory data can be copied until a null is found. This can potentially contain private data from the local system.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1350460
CVE-2017-7796: Windows updater can delete any file named update.log
Reporter
Matt Howell
Impact
low
Description
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file named "update.log" instead of the one intended.
Note: This attack only affects Windows operating systems. Other operating systems are not affected.
References
Bug 1234401
CVE-2017-7797: Response header name interning leaks across origins
Reporter
Anne van Kesteren
Impact
low
Description
Response header name interning does not have same-origin protections and these headers are stored in a global registry. This allows stored header names to be available cross-origin.
References
Bug 1334776
CVE-2017-7780: Memory safety bugs fixed in Firefox 55
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Gary Kwong, Christian Holler, André Bargull, Bob Clary, Carsten Book, Emilio Cobos Álvarez, Masayuki Nakano, Sebastian Hengst, Franziskus Kiefer, Tyson Smith, and Ronald Crane reported memory safety bugs present in Firefox 54. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55
CVE-2017-7779: Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
Reporter
Mozilla developers and community
Impact
critical
Description
Mozilla developers and community members Masayuki Nakano, Gary Kwong, Ronald Crane, Andrew McCreight, Tyson Smith, Bevis Tseng, Christian Holler, Bryce Van Dyk, Dragana Damjanovic, Kartikaya Gupta, Philipp, Tristan Bourvon, and Andi-Bogdan Postelnicu reported memory safety bugs present in Firefox 54 and Firefox ESR 52.2. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could be exploited to run arbitrary code.
References
Memory safety bugs fixed in Firefox 55 and Firefox ESR 52.3
|
|
|
|
Curl and libcurl 7.55.0
Public curl releases: 167
Command line options: 210
curl_easy_setopt() options: 247
Public functions in libcurl: 61
Contributors: 1571
This release includes the following changes:
o curl: allow --header and --proxy-header read from file [7]
o getinfo: provide sizes as curl_off_t [6]
o curl: prevent binary output spewed to terminal [16]
o curl: added --request-target [22]
o libcurl: added CURLOPT_REQUEST_TARGET [22]
o curl: added --socks5-{basic,gssapi}: control socks5 auth [30]
o libcurl: added CURLOPT_SOCKS5_AUTH [30]
This release includes the following bugfixes:
o glob: do not parse after a strtoul() overflow range (CVE-2017-1000101) [85]
o tftp: reject file name lengths that don't fit (CVE-2017-1000100) [84]
o file: output the correct buffer to the user (CVE-2017-1000099) [83]
o includes: remove curl/curlbuild.h and curl/curlrules.h [1]
o dist: make the hugehelp.c not get regenerated unnecessarily [2]
o timers: store internal time stamps as time_t instead of doubles [3]
o progress: let "current speed" be UL + DL speeds combined [4]
o http-proxy: do the HTTP CONNECT process entirely non-blocking [5]
o lib/curl_setup.h: remove CURL_WANTS_CA_BUNDLE_ENV [8]
o fuzz: bring oss-fuzz initial code converted to C89 [10]
o configure: disable nghttp2 too if HTTP has been disabled
o mk-ca-bundle.pl: Check curl's exit code after certdata download [11]
o test1148: verify the -# progressbar [12]
o tests: stabilize test 2032 and 2033 [13]
o HTTPS-Proxy: don't offer h2 for https proxy connections [14]
o http-proxy: only attempt FTP over HTTP proxy [9]
o curl-compilers.m4: enable vla warning for clang [15]
o curl-compilers.m4: enable double-promotion warning [15]
o curl-compilers.m4: enable missing-variable-declarations clang warning [15]
o curl-compilers.m4: enable comma clang warning [15]
o Makefile.m32: enable -W for MinGW32 build [15]
o CURLOPT_PREQUOTE: not supported for SFTP [17]
o http2: fix OOM crash
o PIPELINING_SERVER_BL: cleanup the internal list use [18]
o mkhelp.pl: fix script name in usage text
o lib1521: add curl_easy_getinfo calls to the test set
o travis: do the distcheck test build out-of-tree as well
o if2ip: fix compiler warning in ISO C90 mode
o lib: fix the djgpp build [19]
o typecheck-gcc: add support for CURLINFO_OFF_T [20]
o travis: enable typecheck-gcc warnings [21]
o maketgz: switch to xz instead of lzma [23]
o CURLINFO_REDIRECT_URL.3: mention the CURLOPT_MAXREDIRS case
o curl-compilers.m4: fix unknown-warning-option on Apple clang [24]
o winbuild: fix boringssl build [25]
o curl/system.h: add check for XTENSA for 32bit gcc [26]
o test1537: fixed memory leak on OOM
o test1521: fix compiler warnings [27]
o curl: fix memory leak on test 1147 OOM [28]
o libtest/make: generate lib1521.c dynamically at build-time [29]
o curl_strequal.3: fix typo in SYNOPSIS [31]
o progress: prevent resetting t_starttransfer [32]
o openssl: improve fallback seed of PRNG with a time based hash [33]
o http2: improved PING frame handling [34]
o test1450: add simple testing for DICT [35]
o make: build the docs subdir only from within src [36]
o cmake: Added compatibility options for older Windows versions [37]
o gtls: fix build when sizeof(long) < sizeof(void *) [38]
o url: make the original string get used on subsequent transfers [39]
o timeval.c: Use long long constant type for timeval assignment [40]
o tool_sleep: typecast to avoid macos compiler warning
o travis.yml: use --enable-werror on debug builds [41]
o test1451: add SMB support to the testbed [42]
o configure: remove checks for 5 functions never used [43]
o configure: try ldap/lber in reversed order first [44]
o smb: fix build for djgpp/MSDOS [45]
o travis: install nghttp2 on linux builds [46]
o smb: add support for CURLOPT_FILETIME [47]
o cmake: fix send/recv argument scanner for windows [48]
o inet_pton: fix include on windows to get prototype [49]
o select.h: avoid macro redefinition harder
o cmake: if inet_pton is used, bump _WIN32_WINNT
o asyn-thread.c: fix unused variable warnings on macOS
o runtests: support "threaded-resolver" as a feature
o test506: skip if threaded-resolver
o cmake: remove spurious "-l" from linker flags [50]
o cmake: add CURL_WERROR for enabling "warning as errors"
o memdebug: don't setbuf() if the file open failed [51]
o curl_easy_escape.3: mention the (lack of) encoding [52]
o test1452: add telnet negotiation [53]
o CURLOPT_POSTFIELDS.3: explain the 100-continue magic better
o cmake: offer CMAKE_DEBUG_POSTFIX when building with MSVC [54]
o tests/valgrind.supp: suppress OpenSSL false positive seen on travis [55]
o curl_setup_once: Remove ERRNO/SET_ERRNO macros [56]
o curl-compilers.m4: disable warning spam with Cygwin's clang [57]
o ldap: fix MinGW compiler warning [58]
o make: fix docs build on OpenBSD [59]
o curl_setup: always define WIN32_LEAN_AND_MEAN on Windows [60]
o system.h: include winsock2.h before windows.h
o winbuild: build with warning level 4 [61]
o rtspd: fix MSVC level 4 warning
o sockfilt: suppress conversion warning with explicit cast
o libtest: fix MSVC warning C4706
o darwinssl: fix pinnedpubkey build error [62]
o tests/server/resolve.c: fix deprecation warning [63]
o nss: fix a possible use-after-free in SelectClientCert() [64]
o checksrc: escape open brace in regex
o multi: mention integer overflow risk if using > 500 million sockets [65]
o darwinssl: fix --tlsv1.2 regression [66]
o timeval: struct curltime is a struct timeval replacement [67]
o curl_rtmp: fix a compiler warning [68]
o include.d: clarify that it concerns the response headers [69]
o cmake: support make uninstall [70]
o include.d: clarify --include is only for response headers [71]
o libcurl: Stop using error codes defined under CURL_NO_OLDIES [72]
o http: fix response code parser to avoid integer overflow [73]
o configure: fix the check for IdnToUnicode [74]
o multi: fix request timer management [75]
o curl_threads: fix MSVC compiler warning [76]
o travis: build on osx with openssl
o travis: build on osx with libressl
o CURLOPT_NETRC.3: mention the file name on windows
o cmake: set MSVC warning level to 4 [77]
o netrc: skip lines starting with '#' [78]
o darwinssl: fix curlssl_sha256sum() compiler warnings on first argument
o BUILD.WINDOWS: mention buildconf.bat for builds off git
o darwinssl: silence compiler warnings [79]
o travis: build on osx with darwinssl
o FTP: skip unnecessary CWD when in nocwd mode [80]
o gssapi: fix memory leak of output token in multi round context [81]
o getparameter: avoid returning uninitialized 'usedarg' [82]
o curl (debug build) easy_events: make event data static
o curl: detect and bail out early on parameter integer overflows [86]
o configure: fix recv/send/select detection on Android [87]
|
|
Bump the PKGREVISION where the package install script has changed
due to changes in MAKE_DIRS or OWN_DIRS.
|
|
WordPress 4.8.1 contains 29 maintenance fixes and enhancements to the 4.8 release series, chief among them are fixes to the rich Text widget and the introduction of the Custom HTML widget.
Administration
* #40982 - Permalink Settings: custom structure field keyboard trap
Build/Test Tools
* #41327 - Bump Akismet External - 4.9 Edition
Comments
* #40975 - 'Empty Spam' and 'Empty Trash' comment buttons not displayed on mobile
Customize
* #40978 - Customizer Panel Footer border missing
* #40981 - Customizer: Menus: it is far too easy to mistakenly delete a menu because the "Delete Menu" link and the "Add Items" button are too close together
* #41158 - Increase tinymce panel z-index
* #41410 - Set `'filter' => 'content'` on starter content "business info" widget
Embeds
* #41019 - oEmbed: Update VideoPress oEmbed URL
* #41048 - `WP_oEmbed_Controller::get_proxy_item()` should remove `_wpnonce` from cached `$args`
* #41299 - oEmbed proxy fails to forward maxwidth and maxheight params
General
* #41056 - WP-API JS Client: Settings is incorrectly registered as a collection
Media
* #41231 - media-views.js: Cannot read .length of undefined (this.controller.$uploaderToggler.length)
REST API
* #38964 - Add filter to allow modifying response *after* embedded data is added
* #40886 - REST API: PUT requests fail on Nginx servers when fancy permalinks aren't enabled
Taxonomy
* #41010 - wp_get_object_terms() returns duplicate terms if more than one taxonomy is given in args
TinyMCE
* #41408 - TinyMCE: Images with link and caption look "broken" when selected
Widgets
* #40907 - Introduce widget dedicated for HTML code
* #40935 - Facebook Video Works On Preview But Not On Theme
* #40951 - New Text Widget - Switching Between Visual/Text Editor Strips Out Code
* #40960 - Widgets: The Text widget should respect the “Disable the visual editor when writing” setting
* #40972 - TinyMCE editor in Text widget does not have RTL contents
* #40974 - Updated text widget do not save text (when using paste)
* #40977 - Widgets: Query param for `loop` added for non-hosted external videos
* #40986 - Widgets: text widget and media widgets cannot be edited in accessibility mode
* #41021 - Text widget does not show Title field or TinyMCE editor
* #41361 - Text widget can raise JS error if customize-base is enqueued on widgets admin screen
* #41386 - Text Widget - Wording - Legacy Mode 4.8.1 beta
* #41392 - Theme styles for Text widget do not apply to Custom HTML widget
* #41394 - Text widget: Rename legacy mode to visual mode and improve back-compat for widget_text filters
|
|
Upstream changes:
0.205001 2017-07-11 08:03:21-05:00 America/Chicago
[ BUG FIXES ]
* GH #1332: Add check for old version of HTTP::XSCookies (Peter Mottram -
SysPete)
* GH #1336: Fix warnings on 5.10 and below. (Sawyer X)
* GH #1347: Add Perl versions 5.22-5.26 and appveyor to Travis-CI
configuration (Dave Jacoby)
[ ENHANCEMENTS ]
* GH #1281: Use Ref::Util in Core for all reference checks (Mickey
Nasriachi)
* GH #1338: Add message explaining how to run newly-created application
(Jonathan Cast)
[ DOCUMENTATION ]
* GH #1334: Fix prefix example in Cookbook (Abdullah Diab)
* GH #1335: Add missing word in request->host docs (Glenn Fowler)
* GH #1337: Fix link in SEE ALSO section of Dancer2::Core::Types (Stefan
Hornburg - Racke)
* GH #1341: Clarify plugin documentation (Stefan Hornburg - Racke)
* GH #1345, #1351, #1356: Fix password check code example in tutorial
(Jonathan Cast)
* GH #1355: Fix typo (Gregor Herrmann)
|
|
- CI improvements:
* Add basic working Circle CI v2 config
- Fix URI encoding bug introduced in 39
* Improve cheroot.test.helper.Controller to properly match unicode
v5.8.0
- CI improvements:
* Switch to native PyPy support in Travis CI
* Take into account PEP 257 compliant modules
* Build wheel in Appveyor and store it as an artifact
- Improve urllib support in ``_compat`` module
- 38 via 39: Improve URI parsing:
* Make it compliant with RFC 7230, RFC 7231 and RFC 2616
* Fix setting of ``environ['QUERY_STRING']`` in WSGI
* Introduce ``proxy_mode`` and ``strict_mode`` argument in ``server.HTTPRequest``
* Fix decoding of unicode URIs in WSGI 1.0 gateway
|
|
Don’t raise deprecation warning on loop.run_until_complete(client.close())
|
|
Fix error where transport.get_extra_info returned None
Remove uvloop requirement for gunicorn worker
Fix error where request.token() would fail if Authorization headers were not provided
Added an abort function to easily exit out of route handlers
Added a file_stream response handler
Add support for streaming large static files
Added streaming requests
Added websocket max_size and max_queue configuration
Fixed test client not working with HTTP2
Added match_info property to request class
Added support for recycling the gunicorn worker
Added an Unauthorized exception
Added a Forbidden exception
Added a graceful timeout when shutdown
|
|
Fix issue with synchronous session closing when using ClientSession as an asynchronous context manager.
|
|
* Minimum PHP version.
* Require php-pdo_mysql.
Bump PKGREVISION.
|
|
Bugfixes:
Fixed a regression in 1.11.3 on Python 2 where non-ASCII format values for date/time widgets result in an empty value in the widget’s HTML.
Fixed QuerySet.union() and difference() when combining with a queryset raising EmptyResultSet.
Fixed a regression in pickling of LazyObject on Python 2 when the wrapped object doesn’t have __reduce__().
Fixed crash in runserver’s autoreload with Python 2 on Windows with non-str environment variables.
Corrected Field.has_changed() to return False for disabled form fields: BooleanField, MultipleChoiceField, MultiValueField, FileField, ModelChoiceField, and ModelMultipleChoiceField.
Fixed QuerySet.count() for union(), difference(), and intersection() queries.
Fixed ClearableFileInput rendering as a subwidget of MultiWidget. Custom clearable_file_input.html widget templates will need to adapt for the fact that context values checkbox_name, checkbox_id, is_initial, input_text, initial_text, and clear_checkbox_label are now attributes of widget rather than appearing in the top-level context.
Fixed queryset crash when using a GenericRelation to a proxy model
|
|
Version 0.15
~~~~~~~~~~~~
Released on 2017-06-27.
* Add ``Freezer.freeze_yield()`` method to make progress reporting easier.
(Thanks to Miro Hrončok.)
Version 0.14
~~~~~~~~~~~~
Released on 2017-03-22.
* Add the ``FREEZER_SKIP_EXISTING`` configuration to skip generation
of files already in the build directory. (Thanks to Antoine Goutenoir.)
* Add shared superclass ``FrozenFlaskWarning`` for all warnings.
(Thanks to Miro Hrončok.)
|
|
pkgsrc change: correct DESCR.
The bugfix release fixes the issues with the new DCA picker.
|
|
Remove insecure Js2Py library (code execution risk)
Please upgrade to 1.8.0 immediately.
Versions 1.6.6 to 1.7.1 are vulnerable to code execution. If you are running a vulnerable version, a malicious website owner could craft a page which executes arbitrary Python code on the machine that runs this script. This can only occur if the website that the user attempts to scrape has specifically prepared a page to exploit vulnerable versions of cfscrape.
|