| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
0.12.1
Changed
Pinning h11 and python-dotenv to min versions
Get docs/index.md in sync with README.md
Fixed
Improve changelog by pointing out breaking changes
|
|
0.15.5
Added
* Add `response.next_request`
|
|
Upstream changes:
Django 3.1.2 release notes¶
October 1, 2020
Django 3.1.2 fixes several bugs in 3.1.1.
Bugfixes¶
Fixed a bug in Django 3.1 where FileField instances with a callable storage were not correctly deconstructed (#31941).
Fixed a regression in Django 3.1 where the QuerySet.ordered attribute returned incorrectly True for GROUP BY queries (e.g. .annotate().values()) on models with Meta.ordering. A model’s Meta.ordering doesn’t affect such queries (#31990).
Fixed a regression in Django 3.1 where a queryset would crash if it contained an aggregation and a Q object annotation (#32007).
Fixed a bug in Django 3.1 where a test database was not synced during creation when using the MIGRATE test database setting (#32012).
Fixed a django.contrib.admin.EmptyFieldListFilter crash when using on a GenericRelation (#32038).
Fixed a regression in Django 3.1.1 where the admin changelist filter sidebar would not scroll for a long list of available filters (#31986).
|
|
Upstream changes please visit:
https://www.mediawiki.org/wiki/Release_notes/1.35
|
|
Version 20.9.0
Features
* Pass subprotocols in websockets (both sanic server and ASGI)
* Automatically set test_mode flag on app instance
* Add new unified method for updating app values
* Adds WEBSOCKET_PING_TIMEOUT and WEBSOCKET_PING_INTERVAL configuration values
* httpx version dependency updated, it is slated for removal as a dependency in v20.12
* Added auto, text, and json fallback error handlers (in v21.3, the default will change form html to auto)
Bugfixes
* Resolves exception from unread bytes in stream
Deprecations and Removals
* config.from_envar, config.from_pyfile, and config.from_object are deprecated and set to be removed in v21.3
Developer infrastructure
* Update isort calls to be compatible with new API
* Remove version section from setup.cfg
* Adding --strict-markers for pytest
Improved Documentation
* Add explicit ASGI compliance to the README
|
|
0.15.4
Added
* Support direct comparisons between `Headers` and dicts or lists of two-tuples. Eg. `assert response.headers == {"Content-Length": 24}`
Fixed
* Fix automatic `.read()` when `Response` instances are created with `content=<str>`
0.15.3
Fixed
* Fixed connection leak in async client due to improper closing of response streams.
0.15.2
Fixed
* Fixed `response.elapsed` property.
* Fixed client authentication interaction with `.stream()`.
0.15.1
Fixed
* ASGITransport now properly applies URL decoding to the `path` component, as-per the ASGI spec.
0.15.0
Added
* Added support for curio. (Pull https://github.com/encode/httpcore/pull/168)
* Added support for event hooks.
* Added support for authentication flows which require either sync or async I/O.
* Added support for monitoring download progress with `response.num_bytes_downloaded`.
* Added `Request(content=...)` for byte content, instead of overloading `Request(data=...)`
* Added support for all URL components as parameter names when using `url.copy_with(...)`.
* Neater split between automatically populated headers on `Request` instances, vs default `client.headers`.
* Unclosed `AsyncClient` instances will now raise warnings if garbage collected.
* Support `Response(content=..., text=..., html=..., json=...)` for creating usable response instances in code.
* Support instantiating requests from the low-level transport API.
* Raise errors on invalid URL types.
Changed
* Cleaned up expected behaviour for URL escaping. `url.path` is now URL escaped.
* Cleaned up expected behaviour for bytes vs str in URL components. `url.userinfo` and `url.query` are not URL escaped, and so return bytes.
* Drop `url.authority` property in favour of `url.netloc`, since "authority" was semantically incorrect.
* Drop `url.full_path` property in favour of `url.raw_path`, for better consistency with other parts of the API.
* No longer use the `chardet` library for auto-detecting charsets, instead defaulting to a simpler approach when no charset is specified.
Fixed
* Swapped ordering of redirects and authentication flow.
* `.netrc` lookups should use host, not host+port.
Removed
* The `URLLib3Transport` class no longer exists. We've published it instead as an example of [a custom transport class](https://gist.github.com/florimondmanca/d56764d78d748eb9f73165da388e546e).
* Drop `request.timer` attribute, which was being used internally to set `response.elapsed`.
* Drop `response.decoder` attribute, which was being used internally.
* `Request.prepare()` is now a private method.
* The `Headers.getlist()` method had previously been deprecated in favour of `Headers.get_list()`. It is now fully removed.
* The `QueryParams.getlist()` method had previously been deprecated in favour of `QueryParams.get_list()`. It is now fully removed.
* The `URL.is_ssl` property had previously been deprecated in favour of `URL.scheme == "https"`. It is now fully removed.
* The `httpx.PoolLimits` class had previously been deprecated in favour of `httpx.Limits`. It is now fully removed.
* The `max_keepalive` setting had previously been deprecated in favour of the more explicit `max_keepalive_connections`. It is now fully removed.
* The verbose `httpx.Timeout(5.0, connect_timeout=60.0)` style had previously been deprecated in favour of `httpx.Timeout(5.0, connect=60.0)`. It is now fully removed.
* Support for instantiating a timeout config missing some defaults, such as `httpx.Timeout(connect=60.0)`, had previously been deprecated in favour of enforcing a more explicit style, such as `httpx.Timeout(5.0, connect=60.0)`. This is now strictly enforced.
0.14.3
Added
* `http.Response()` may now be instantiated without a `request=...` parameter. Useful for some unit testing cases.
* Add `103 Early Hints` and `425 Too Early` status codes.
Fixed
* `DigestAuth` now handles responses that include multiple 'WWW-Authenticate' headers.
* Call into transport `__enter__`/`__exit__` or `__aenter__`/`__aexit__` when client is used in a context manager style.
0.14.2
Added
* Support `client.get(..., auth=None)` to bypass the default authentication on a clients.
* Support `client.auth = ...` property setter.
* Support `httpx.get(..., proxies=...)` on top-level request functions.
* Display instances with nicer import styles. (Eg. <httpx.ReadTimeout ...>)
* Support `cookies=[(key, value)]` list-of-two-tuples style usage.
Fixed
* Ensure that automatically included headers on a request may be modified.
* Allow explicit `Content-Length` header on streaming requests.
* Handle URL quoted usernames and passwords properly.
* Use more consistent default for `HEAD` requests, setting `allow_redirects=True`.
* If a transport error occurs while streaming the response, raise an `httpx` exception, not the underlying `httpcore` exception.
* Include the underlying `httpcore` traceback, when transport exceptions occur.
0.14.1
Added
* The `httpx.URL(...)` class now raises `httpx.InvalidURL` on invalid URLs, rather than exposing the underlying `rfc3986` exception. If a redirect response includes an invalid 'Location' header, then a `RemoteProtocolError` exception is raised, which will be associated with the request that caused it.
Fixed
* Handling multiple `Set-Cookie` headers became broken in the 0.14.0 release, and is now resolved.
0.14.0
The 0.14 release includes a range of improvements to the public API, intended on preparing for our upcoming 1.0 release.
* Our HTTP/2 support is now fully optional. **You now need to use `pip install httpx[http2]` if you want to include the HTTP/2 dependancies.**
* Our HSTS support has now been removed. Rewriting URLs from `http` to `https` if the host is on the HSTS list can be beneficial in avoiding roundtrips to incorrectly formed URLs, but on balance we've decided to remove this feature, on the principle of least surprise. Most programmatic clients do not include HSTS support, and for now we're opting to remove our support for it.
* Our exception hierarchy has been overhauled. Most users will want to stick with their existing `httpx.HTTPError` usage, but we've got a clearer overall structure now. See https://www.python-httpx.org/exceptions/ for more details.
When upgrading you should be aware of the following public API changes. Note that deprecated usages will currently continue to function, but will issue warnings.
* You should now use `httpx.codes` consistently instead of `httpx.StatusCodes`.
* Usage of `httpx.Timeout()` should now always include an explicit default. Eg. `httpx.Timeout(None, pool=5.0)`.
* When using `httpx.Timeout()`, we now have more concisely named keyword arguments. Eg. `read=5.0`, instead of `read_timeout=5.0`.
* Use `httpx.Limits()` instead of `httpx.PoolLimits()`, and `limits=...` instead of `pool_limits=...`.
* The `httpx.Limits(max_keepalive=...)` argument is now deprecated in favour of a more explicit `httpx.Limits(max_keepalive_connections=...)`.
* Keys used with `Client(proxies={...})` should now be in the style of `{"http://": ...}`, rather than `{"http": ...}`.
* The multidict methods `Headers.getlist()` and `QueryParams.getlist()` are deprecated in favour of more consistent `.get_list()` variants.
* The `URL.is_ssl` property is deprecated in favour of `URL.scheme == "https"`.
* The `URL.join(relative_url=...)` method is now `URL.join(url=...)`. This change does not support warnings for the deprecated usage style.
One notable aspect of the 0.14.0 release is that it tightens up the public API for `httpx`, by ensuring that several internal attributes and methods have now become strictly private.
The following previously had nominally public names on the client, but were all undocumented and intended solely for internal usage. They are all now replaced with underscored names, and should not be relied on or accessed.
These changes should not affect users who have been working from the `httpx` documentation.
* `.merge_url()`, `.merge_headers()`, `.merge_cookies()`, `.merge_queryparams()`
* `.build_auth()`, `.build_redirect_request()`
* `.redirect_method()`, `.redirect_url()`, `.redirect_headers()`, `.redirect_stream()`
* `.send_handling_redirects()`, `.send_handling_auth()`, `.send_single_request()`
* `.init_transport()`, `.init_proxy_transport()`
* `.proxies`, `.transport`, `.netrc`, `.get_proxy_map()`
Some areas of API which were already on the deprecation path, and were raising warnings or errors in 0.13.x have now been escalated to being fully removed.
* Drop `ASGIDispatch`, `WSGIDispatch`, which have been replaced by `ASGITransport`, `WSGITransport`.
* Drop `dispatch=...`` on client, which has been replaced by `transport=...``
* Drop `soft_limit`, `hard_limit`, which have been replaced by `max_keepalive` and `max_connections`.
* Drop `Response.stream` and` `Response.raw`, which have been replaced by ``.aiter_bytes` and `.aiter_raw`.
* Drop `proxies=<transport instance>` in favor of `proxies=httpx.Proxy(...)`.
Added
* Added dedicated exception class `httpx.HTTPStatusError` for `.raise_for_status()` exceptions.
* Added `httpx.create_ssl_context()` helper function.
* Support for proxy exlcusions like `proxies={"https://www.example.com": None}`.
* Support `QueryParams(None)` and `client.params = None`.
Changed
* Use `httpx.codes` consistently in favour of `httpx.StatusCodes` which is placed into deprecation.
* Usage of `httpx.Timeout()` should now always include an explicit default. Eg. `httpx.Timeout(None, pool=5.0)`.
* Switch to more concise `httpx.Timeout()` keyword arguments. Eg. `read=5.0`, instead of `read_timeout=5.0`.
* Use `httpx.Limits()` instead of `httpx.PoolLimits()`, and `limits=...` instead of `pool_limits=...`.
* Keys used with `Client(proxies={...})` should now be in the style of `{"http://": ...}`, rather than `{"http": ...}`.
* The multidict methods `Headers.getlist` and `QueryParams.getlist` are deprecated in favour of more consistent `.get_list()` variants.
* `URL.port` becomes `Optional[int]`. Now only returns a port if one is explicitly included in the URL string.
* The `URL(..., allow_relative=[bool])` parameter no longer exists. All URL instances may be relative.
* Drop unnecessary `url.full_path = ...` property setter.
* The `URL.join(relative_url=...)` method is now `URL.join(url=...)`.
* The `URL.is_ssl` property is deprecated in favour of `URL.scheme == "https"`.
Fixed
* Add missing `Response.next()` method.
* Ensure all exception classes are exposed as public API.
* Support multiple items with an identical field name in multipart encodings.
* Skip HSTS preloading on single-label domains.
* Fixes for `Response.iter_lines()`.
* Ignore permission errors when accessing `.netrc` files.
* Allow bare hostnames in `HTTP_PROXY` etc... environment variables.
* Settings `app=...` or `transport=...` bypasses any environment based proxy defaults.
* Fix handling of `.base_url` when a path component is included in the base URL.
|
|
0.11.1
Fixed
- Add await to async semaphore release() coroutine
- Drop incorrect curio classifier
0.11.0
The Transport API with 0.11.0 has a couple of significant changes.
Firstly we've moved changed the request interface in order to allow extensions, which will later enable us to support features
such as trailing headers, HTTP/2 server push, and CONNECT/Upgrade connections.
The interface changes from:
```python
def request(method, url, headers, stream, timeout):
return (http_version, status_code, reason, headers, stream)
```
To instead including an optional dictionary of extensions on the request and response:
```python
def request(method, url, headers, stream, ext):
return (status_code, headers, stream, ext)
```
Having an open-ended extensions point will allow us to add later support for various optional features, that wouldn't otherwise be supported without these API changes.
In particular:
* Trailing headers support.
* HTTP/2 Server Push
* sendfile.
* Exposing raw connection on CONNECT, Upgrade, HTTP/2 bi-di streaming.
* Exposing debug information out of the API, including template name, template context.
Currently extensions are limited to:
* request: `timeout` - Optional. Timeout dictionary.
* response: `http_version` - Optional. Include the HTTP version used on the response.
* response: `reason` - Optional. Include the reason phrase used on the response. Only valid with HTTP/1.*.
See https://github.com/encode/httpx/issues/1274#issuecomment-694884553 for the history behind this.
Secondly, the async version of `request` is now namespaced as `arequest`.
This allows concrete transports to support both sync and async implementations on the same class.
Added
- Add curio support.
- Add anyio support, with `backend="anyio"`.
Changed
- Update the Transport API to use 'ext' for optional extensions.
- Update the Transport API to use `.request` and `.arequest` so implementations can support both sync and async.
0.10.2
Added
- Added Unix Domain Socket support.
Fixed
- Always include the port on proxy CONNECT requests.
- Fix `max_keepalive_connections` configuration.
- Fixes behaviour in HTTP/1.1 where server disconnects can be used to signal the end of the response body.
0.10.1
- Include `max_keepalive_connections` on `AsyncHTTPProxy`/`SyncHTTPProxy` classes.
0.10.0
The most notable change in the 0.10.0 release is that HTTP/2 support is now fully optional.
Use either `pip install httpcore` for HTTP/1.1 support only, or `pip install httpcore[http2]` for HTTP/1.1 and HTTP/2 support.
Added
- HTTP/2 support becomes optional.
- Add `local_address=...` support.
- Add `PlainByteStream`, `IteratorByteStream`, `AsyncIteratorByteStream`. The `AsyncByteSteam` and `SyncByteStream` classes are now pure interface classes.
- Add `LocalProtocolError`, `RemoteProtocolError` exceptions.
- Add `UnsupportedProtocol` exception.
- Add `.get_connection_info()` method.
- Add better TRACE logs.
Changed
- `max_keepalive` is deprecated in favour of `max_keepalive_connections`.
Fixed
- Improve handling of server disconnects.
|
|
Upstream changes:
3.9.2
General fixes and improvements
MDL-63375 - Workshop rubric display issue in grid view
MDL-60574 - Atto editor undo/redo (crtl-y/z) can sometimes wipe all content
MDL-26401 - Byte order mark at the beginning of import groups file fail the process with the confusing error message
MDL-51709 - Gradebook single view has a hard coded name format in grade view
MDL-40227 - Numerical question in lesson - decimal fractions problem
MDL-66665 - Reopened assignment shown as graded by student themselves
MDL-61215 - Badge and user profile picture using an svg file doesn't display
MDL-66810 - Allow microphone and camera to be accessed from content iframe
MDL-69079 - Activity chooser does not display if site contains plugins missing from disk
MDL-68178 - Email-based self-registration confirmation email is not re-sent
MDL-67831 - The Message reply box is not fixed
MDL-66670 - list bullet points are cut off in some browsers
MDL-69246 - Question manual grading: floating point issues can lead to valid grades being rejected
MDL-65819 - Contact request email must respect the receiver's language
MDL-68715 - Condition: "Completion of other courses" is set without the course creator intervention
MDL-52052 - Import grades with an empty identifier causes bad upload but it doesn't show error message
MDL-55340 - Export labels from feedback
MDL-67671 - Backup step 2 show type options missing activity names
MDL-67440 - \core\task\analytics_cleanup_task extremely slow on Postgres site.
MDL-68210 - Unable to edit user overrides if assignment is not available to student
MDL-66900 - "Alternate image" gets removed upon editing course category settings.
MDL-66755 - After editing a forum post, a user is unsubscribed from the discussion
MDL-66626 - Assignfeedback_editpdf sending infinite request when page ready is not equal to page number of combined pdf
MDL-69297 - File-based Assignments shouldn't accept submissions without any files
MDL-69168 - Recently Accessed Items block uses stock LTI icon even if it has been customized
MDL-69215 - load_fontawesome_icon_map web service does not respect current theme
MDL-69414 - 3.9 regression - "Drag and drop onto image" flips in RTL lang.
MDL-69336 - Collapsing columns in dynamic tables no longer functions
MDL-55299 - Single and double quotes encoded in HTML characters in downloaded files
MDL-68618 - Forum idnumber update not working
MDL-68558 - Admin can get stuck on the Plugin dependencies check failure page
MDL-68444 - Calendar accessibility followups
MDL-69401 - Book's chapter title not showing max length limit
MDL-69358 - The 'backup_cleanup_task' task deletes records related to incompleted adhoc tasks
MDL-69375 - LTI Names and Roles Provisioning Service generates Link headers with incorrect format
MDL-66818 - Portfolio "export whole discussion" button should not be visible if the user has inadequate permissions
MDL-66707 - Forum too eager to mark messages as read (threaded view)
MDL-69296 - Pressing cancel on a resource activity settings page may result in a file download
MDL-69241 - Participants page pagination doesn't reset when applying filters
MDL-69199 - Complete user report incorrectly shows last modified time of quiz attempts, not time submitted
MDL-69112 - Underscore in folder name breaks assign feedback multi-upload
MDL-69089 - Content bank allows empty names
MDL-69069 - Insufficient colour contrast for in-place editable and drag and drop upload status
MDL-69054 - Edit button for badge backpack not displayed when version is OBv1.0
MDL-68964 - Swapping theme in chat window causing notice error
MDL-68889 - Recently accessed courses not functioning on small view ports
MDL-68731 - Forum digest processing does not mark posts as read
MDL-68706 - Course Custom field text area cant be emptied
MDL-42434 - Chat activity needs user help
MDL-69448 - Course Copy in 3.9 and 3.9.1 not working for teacher with extended permissions
MDL-69204 - User A can see the privacy and policies + data retention summary link on user B's profile page
MDL-69645 - Preferences window can be opened on Safe Exam Browser Mac clients during quizzes using manual configuration
Accessibility improvements
MDL-69394 - Insufficient colour contrast for calendar event colour indicators
MDL-68344 - File Picker: focus lost on upload
MDL-69391 - Some dropdown menus have insufficient colour contrast between text and background
MDL-69389 - Insufficient colour contrast between link text and normal text
MDL-69387 - Completion checkbox images don't have sufficient colour contrast
MDL-69214 - Error reading database on Participants page if site:accessallgroups is set to prohibit
MDL-69115 - Course and category management page accessibility followups
MDL-69114 - Insufficient colour contrast for .*-info classes
MDL-69111 - Forum grading panel cannot be used when zoomed to 400%
For developers
MDL-69068 - Allow behat generators to be pivoted
Security fixes
MSA-20-0011 Stored XSS via moodlenetprofile parameter in user profile
MSA-20-0012 Reflected XSS in tag manager
MSA-20-0013 "Log in as" capability in a course context may lead to some privilege escalation
MSA-20-0014 Denial of service risk in file picker unzip functionality
MSA-20-0015 Chapter name in book not always escaped with forceclean enabled
3.9.1
General fixes and improvements
MDL-60827 - OAuth 2 still expecting email verification after "Require email verification" has been disabled
MDL-68436 - Atto RecordRTC (record audio/video) plugin only works in the first editor on a page
MDL-69049 - Moodle 3.9 upgrade fails due to missing column in privacy plugins if standalone GDPR plugins were used
MDL-69106 - convert_submissions task with asynchronous document conversion cannot be completed by cron
MDL-69109 - Theme icons are lost after web upgrade in 3.9 or theme change in other versions
MDL-68992 - Update minimal age of digital consent according to current legislation
MDL-68215 - Make the Activity results block styling consistent with other blocks
MDL-69110 - Sorting does not work anymore in non-dynamic tables
MDL-66899 - Regrading quiz attempts should be logged
MDL-69077 - The capabilities moodle/question:tag* are not visible in the "Check permissions" page in the activity context
MDL-69021 - Alert links hard to distinguish
MDL-69099 - Some scheduled tasks are incorrectly labelled as "Disabled"
MDL-67294 - Choosing bulk removal of empty submissions causes an error
MDL-69031 - Missing Moodle app disable features settings for 3.9
Accessibility improvements
MDL-69008 - Accessibility issues in the pagination bar template
Security improvements
MDL-69047 - Content bank status message should be hard coded
Security fixes
MSA-20-0008 Reflected XSS in admin task logs filter
MSA-20-0009 Course enrolments allowed privilege escalation from teacher role into manager role
MSA-20-0010 yui_combo should mitigate denial of service risk
3.9
Please visit: https://docs.moodle.org/dev/Moodle_3.9_release_notes#
|
|
Changes with nginx 1.19.3 29 Sep 2020
*) Feature: the ngx_stream_set_module.
*) Feature: the "proxy_cookie_flags" directive.
*) Feature: the "userid_flags" directive.
*) Bugfix: the "stale-if-error" cache control extension was erroneously
applied if backend returned a response with status code 500, 502,
503, 504, 403, 404, or 429.
*) Bugfix: "[crit] cache file ... has too long header" messages might
appear in logs if caching was used and the backend returned responses
with the "Vary" header line.
*) Workaround: "[crit] SSL_write() failed" messages might appear in logs
when using OpenSSL 1.1.1.
*) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages
might appear in logs; the bug had appeared in 1.19.2.
*) Bugfix: a segmentation fault might occur in a worker process when
using HTTP/2 if errors with code 400 were redirected to a proxied
location using the "error_page" directive.
*) Bugfix: socket leak when using HTTP/2 and subrequests in the njs
module.
|
|
Release Date: 29 September 2020
* nginx modules:
- Bugfix: fixed location merge.
- Bugfix: fixed r.httpVersion for HTTP/2.
* Core:
- Feature: added support for numeric separators (ES12).
- Feature: added remaining methods for %TypedArray%.prototype. The following
methods were added: every(), filter(), find(), findIndex(), forEach(),
includes(), indexOf(), lastIndexOf(), map(), reduce(), reduceRight(),
reverse(), some().
- Feature: added %TypedArray% remaining methods. The following methods were added: from(), of().
- Feature: added DataView object.
- Feature: added Buffer object implementation.
- Feature: added support for ArrayBuffer in TextDecoder.prototype.decode()
- Feature: added support for Buffer object in crypto methods.
- Feature: added support for Buffer object in fs methods.
- Change: Hash.prototype.digest() and Hmac.prototype.digest() now return a
Buffer instance instead of a byte string when encoding is not provided.
- Change: fs.readFile() and friends now return a Buffer instance instead of a
byte string when encoding is not provided.
- Bugfix: fixed function prototype property handler while setting.
- Bugfix: fixed function constructor property handler while setting.
- Bugfix: fixed String.prototype.indexOf() for byte strings.
- Bugfix: fixed RegExpBuiltinExec() with a global flag and byte strings.
- Bugfix: fixed RegExp.prototype[Symbol.replace] the when replacement value is a
function.
- Bugfix: fixed TextDecoder.prototype.decode() with non-zero TypedArray offset.
|
|
|
|
|
|
3.5.0
* Following Django’s example in
`Ticket 31670 <https://code.djangoproject.com/ticket/31670>`__ for replacing
the term “whitelist”, plus an aim to make the setting names more
comprehensible, the following settings have been renamed:
* ``CORS_ORIGIN_WHITELIST`` -> ``CORS_ALLOWED_ORIGINS``
* ``CORS_ORIGIN_WHITELIST_REGEX`` -> ``CORS_ALLOWED_ORIGIN_REGEXES``
* ``CORS_ORIGIN_ALLOW_ALL`` -> ``CORS_ALLOW_ALL_ORIGINS``
The old names will continue to work as aliases, with the new ones taking
precedence.
|
|
0.12.0:
Added
Make reload delay configurable
Upgrade maximum h11 dependency version to 0.10
Allow .json or .yaml --log-config files
Add ASGI dict to the lifespan scope
Upgrade wsproto to 0.15.0
Use optional package installs
Changed
Dont set log level for root logger
Fixed
Revert "Improve shutdown robustness when using --reload or multiprocessing
Fix terminate error in windows
Fix bug where --log-config disables uvicorn loggers
|
|
v4.1.1:
- Add support for Python 3.9
- Update html5lib upper bound, now defined as `html5lib>=0.999,<2`, to ensure compatibility with Python 3.10
|
|
|
|
4.9.2
* Fixed a bug that caused too many tags to be popped from the tag
stack during tree building, when encountering a closing tag that had
no matching opening tag.
* Fixed a bug that inconsistently moved elements over when passing
a Tag, rather than a list, into Tag.extend().
* Specify the soupsieve dependency in a way that complies with
PEP 508. Patch by Mike Nerone.
* Change the signatures for BeautifulSoup.insert_before and insert_after
(which are not implemented) to match PageElement.insert_before and
insert_after, quieting warnings in some IDEs.
|
|
* Add ur locale.
* Sync with www/firefox-81.0.
|
|
Changelog:
September 22, 2020
Version 81.0, first offered to Release channel users on September 22, 2020
We'd like to extend a special thank you to all of the new Mozillians who
contributed to this release of Firefox.
New
* You can pause and play audio or video in Firefox right from your keyboard
or headset, giving you easy access to control your media when in another
Firefox tab, another program, or even when your computer is locked.
* In addition to our default, dark and light themes, with this release,
Firefox introduces the Alpenglow theme: a colorful appearance for buttons,
menus, and windows. You can update your Firefox themes under settings or
preferences.
* For our users in the US and Canada, Firefox can now save, manage, and
auto-fill credit card information for you, making shopping on Firefox ever
more convenient. To ensure the smoothest experience, this will be rolling
out to users gradually.
* Firefox supports AcroForm, which will soon allow you to fill in, print, and
save supported PDF forms and the PDF viewer also has a new fresh look.
* Our users in Austria, Belgium and Switzerland using the German version of
Firefox will now see Pocket recommendations in their new tab featuring some
of the best stories on the web. If you don’t see them, you can turn on
Pocket articles in your new tab by following these steps. In addition to
Firefox’s new tab, Pocket is also available as an app on iOS and Android.
Fixed
* Various security fixes.
* We’ve fixed a bug for users of language packs where the default language
was reset to English after Firefox updates.
* Browser native HTML5 audio/video controls received several important
accessibility fixes:
+ Audio/video controls remain accessible to screen readers even when they
are temporarily hidden visually.
+ Audio/video elapsed and total time are now accessible to screen readers
where they weren't previously.
+ Various unlabelled controls are now labelled making them identifiable
to screen readers.
+ Screen readers no longer intrusively report progress information unless
the user requests it.
Changed
* You will soon find Picture-in-Picture more easily on all the videos you
watch with new iconography.
* The bookmarks toolbar is now automatically revealed once bookmarks are
imported into Firefox, making it easier to find your most important
websites.
* We have expanded our supported file types - .xml, .svg, and .webp - so
files you’ve downloaded can be opened right in Firefox.
Security fixes:
#CVE-2020-15675: Use-After-Free in WebGL
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into a
contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator may
have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
corruption and we presume that with enough effort some of these could have been
exploited to run arbitrary code.
#CVE-2020-15674: Memory safety bugs fixed in Firefox 81
|
|
Changes:
2.30.1
======
- Bring back the environment variable to force single process mode when PSON is disabled.
- Fix downloads started by an ephemeral web context.
- Translation updates: Brazilian Portuguese.
|
|
PKGREVISION++
|
|
Security Vulnerabilities fixed in Firefox ESR 78.3
#CVE-2020-15677: Download origin spoofing via redirect
#CVE-2020-15676: XSS when pasting attacker-controlled data into a
contenteditable element
#CVE-2020-15678: When recursing through layers while scrolling, an iterator
may have become invalid, resulting in a potential use-after-free scenario
#CVE-2020-15673: Memory safety bugs fixed in Firefox 81 and Firefox ESR 78.3
|
|
Add upstream patch for CVE-2020-25219. Bump revision.
|
|
|
|
Update php-ja-wordpress package to 5.5.1.
Most of changes are the same as wordpress package:
<http://mail-index.netbsd.org/pkgsrc-changes/2020/09/19/msg221317.html>.
Japanese own changes are unknown.
|
|
# httr 1.4.2
* Fix failing test.
* `parse_url()` now refers to RFC3986 for the parsing of the URL's
scheme, with a bit more permissive syntax (@ymarcon, #615).
|
|
It turns out the HTTPS plugin hardcodes the SSL certificate dir as
/etc/ssl/certs, which is incorrect in NetBSD. SUBST it to the correct
location and bump revision.
|
|
|
|
Data URIs allow resources to be embedded inside a URI. The URI::Data
class provides support for parsing these URIs using the normal
URI.parse method.
|
|
2.01 2020-09-18 17:51:10Z
- Add rel filter to find_link() (GH#305) (Julien Fiegehenn)
- Fix typos (GH#304) (Ferenc Erki)
|
|
8.59 2020-09-05
- Added l function to ojo. (kiwiroy)
- Added MOJO_PROMISE_DEBUG environment variable to Mojo::Promise.
|
|
1.94 2020-09-19
- better error if LockDataSource is missing in Apache::Session::Lock::MySQL
|
|
Update drupal8 package to 8.9.6.
Fixes these security prbolems:
SA-CORE-2020-007: CVE-2020-13666
SA-CORE-2020-008: CVE-2020-13667
SA-CORE-2020-009: CVE-2020-13668
SA-CORE-2020-010: CVE-2020-13669
SA-CORE-2020-011: CVE-2020-13670
|
|
Update drupal7 package to 7.73.
Drupal 7.73, 2020-09-16
-----------------------
- Fixed security issues:
- SA-CORE-2020-007
|
|
Update ruby-puma package to 5.0.0.
## 5.0.0
* Features
* Allow compiling without OpenSSL and dynamically load files needed for SSL, add 'no ssl' CI (#2305)
* EXPERIMENTAL: Add `fork_worker` option and `refork` command for reduced memory usage by forking from a worker process instead of the master process. (#2099)
* EXPERIMENTAL: Added `wait_for_less_busy_worker` config. This may reduce latency on MRI through inserting a small delay before re-listening on the socket if worker is busy (#2079).
* EXPERIMENTAL: Added `nakayoshi_fork` option. Reduce memory usage in preloaded cluster-mode apps by GCing before fork and compacting, where available. (#2093, #2256)
* Added pumactl `thread-backtraces` command to print thread backtraces (#2054)
* Added incrementing `requests_count` to `Puma.stats`. (#2106)
* Increased maximum URI path length from 2048 to 8192 bytes (#2167, #2344)
* `lowlevel_error_handler` is now called during a forced threadpool shutdown, and if a callable with 3 arguments is set, we now also pass the status code (#2203)
* Faster phased restart and worker timeout (#2220)
* Added `state_permission` to config DSL to set state file permissions (#2238)
* Added `Puma.stats_hash`, which returns a stats in Hash instead of a JSON string (#2086, #2253)
* `rack.multithread` and `rack.multiprocess` now dynamically resolved by `max_thread` and `workers` respectively (#2288)
* Deprecations, Removals and Breaking API Changes
* `--control` has been removed. Use `--control-url` (#1487)
* `worker_directory` has been removed. Use `directory`.
* min_threads now set by environment variables PUMA_MIN_THREADS and MIN_THREADS. (#2143)
* max_threads now set by environment variables PUMA_MAX_THREADS and MAX_THREADS. (#2143)
* max_threads default to 5 in MRI or 16 for all other interpreters. (#2143)
* preload by default if workers > 1 (#2143)
* Puma::Plugin.workers_supported? has been removed. Use Puma.forkable? instead. (#2143)
* `tcp_mode` has been removed without replacement. (#2169)
* Daemonization has been removed without replacement. (#2170)
* Changed #connected_port to #connected_ports (#2076)
* Configuration: `environment` is read from `RAILS_ENV`, if `RACK_ENV` can't be found (#2022)
* Log binding on http:// for TCP bindings to make it clickable
* Bugfixes
* Fix JSON loading issues on phased-restarts (#2269)
* Improve shutdown reliability (#2312, #2338)
* Close client http connections made to an ssl server with TLSv1.3 (#2116)
* Do not set user_config to quiet by default to allow for file config (#2074)
* Always close SSL connection in Puma::ControlCLI (#2211)
* Windows update extconf.rb for use with ssp and varied Ruby/MSYS2 combinations (#2069)
* Ensure control server Unix socket is closed on shutdown (#2112)
* Preserve `BUNDLE_GEMFILE` env var when using `prune_bundler` (#1893)
* Send 408 request timeout even when queue requests is disabled (#2119)
* Rescue IO::WaitReadable instead of EAGAIN for blocking read (#2121)
* Ensure `BUNDLE_GEMFILE` is unspecified in workers if unspecified in master when using `prune_bundler` (#2154)
* Rescue and log exceptions in hooks defined by users (on_worker_boot, after_worker_fork etc) (#1551)
* Read directly from the socket in #read_and_drop to avoid raising further SSL errors (#2198)
* Set `Connection: closed` header when queue requests is disabled (#2216)
* Pass queued requests to thread pool on server shutdown (#2122)
* Fixed a few minor concurrency bugs in ThreadPool that may have affected non-GVL Rubies (#2220)
* Fix `out_of_band` hook never executed if the number of worker threads is > 1 (#2177)
* Fix ThreadPool#shutdown timeout accuracy (#2221)
* Fix `UserFileDefaultOptions#fetch` to properly use `default` (#2233)
* Improvements to `out_of_band` hook (#2234)
* Prefer the rackup file specified by the CLI (#2225)
* Fix for spawning subprocesses with fork_worker option (#2267)
* Set `CONTENT_LENGTH` for chunked requests (#2287)
* JRuby - Add Puma::MiniSSL::Engine#init? and #teardown methods, run all SSL tests (#2317)
* Improve shutdown reliability (#2312)
* Resolve issue with threadpool waiting counter decrement when thread is killed
* Constrain rake-compiler version to 0.9.4 to fix `ClassNotFound` exception when using MiniSSL with Java8.
* Fix recursive `prune_bundler` (#2319).
* Ensure that TCP_CORK is usable
* Fix corner case when request body is chunked (#2326)
* Fix filehandle leak in MiniSSL (#2299)
* Refactor
* Remove unused loader argument from Plugin initializer (#2095)
* Simplify `Configuration.random_token` and remove insecure fallback (#2102)
* Simplify `Runner#start_control` URL parsing (#2111)
* Removed the IOBuffer extension and replaced with Ruby (#1980)
* Update `Rack::Handler::Puma.run` to use `**options` (#2189)
* ThreadPool concurrency refactoring (#2220)
* JSON parse cluster worker stats instead of regex (#2124)
* Support parallel tests in verbose progress reporting (#2223)
* Refactor error handling in server accept loop (#2239)
|
|
Changes:
5.5:
- lazy-loaded images
- new sitemap
- autoupdate of plugins and themes
- block editor:
- block patterns
- block directory
- inline image editing
5.5.1:
WordPress Core changes on Trac:
#50882 - Administration: WP 5.5: Cannot attribute content when deleting users
#50998 - Quick/Bulk Edit: Editing posts using bottom "Bulk actions" dropdown menu doesn't work
#38009 - Comments: #reply-title.comment-reply-title not updating when replying to an individual
#50845 - Editor: Block patterns: Fix translatable strings (take 2)
#50858 - Site Health: Check PHP notices with site_status_tests filter
#50887 - Site Health: Add site environment to debug information
#50892 - Editor: Some block patterns have text contrast issues with dark themes
#50910 - Sitemaps: 5.5 Sitemap URLs are incorrectly paginated
#50912 - Site Health: flags define WP_AUTO_UPDATE_CORE value as an error
#50919 - Script Loader: Change the jquery handle back to an alias for jquery-core
#50933 - Media: Lazy loading in 5.5 causes flashing of custom logo in Firefox
#50945 - Site Health: don't give a warning when upload_max_size is lower than max_post_size
#50988 - Upgrade/Install: Pass details about the specific plugin and theme updates attempted to filters
#50992 - Bootstrap/Load: Remove the ability to alter the list of environment types in wp_get_environment_type()
#50999 - Script Loader: Disable concatenation for scripts with translations to ensure they are printed in the right order
#51011 - Upgrade/Install: Empty string comparison on home option during DB upgrades is invalid
#51018 - Editor: PHP Notice thrown when searching for certain terms via the Gutenberg block directory
#51151 - Editor: Packages update
#51021 - REST API: Permit uniqueItems keyword in endpoint args
#51146 - REST API: Fix multi-type schemas with integer fields
#51029 - Filesystem API: Typo in variable name causes warning from fclose()
#51042 - Post: missing excerpt
#51050 - Docs: Add docblock for get_the_archive_title() filter
#51052 - Administration: Undefined index: update-supported
#51060 - Docs: Update register_rest_route docblock to reflect additions since 5.5
#51064 - Bootstrap/Load: Consider adding "local" as environment on WP_ENVIRONMENT_TYPE
#51073 - Administration: Extra padding below the admin bar
#51075 - Docs: Update docs for custom logo functions
#51122 - Docs: add a mention about the use of loading attribute in wp_get_attachment_image function
#51127 - UI/CSS: Remove non-color related styling from Modern color scheme
#51129 - Upgrade/Install: Only display the auto-update links on the Network Admin > Themes screen for themes that support the feature
#51337 - Template: wp_terms_checklist not checking selected taxonomy items with selected_cats option
#51184 - get_the_date() checks $format only for empty variable and fails on false boolean
#51182 - Theme_Installer_skin::do_overwrite does not work on a Windows server
#38009 - #reply-title.comment-reply-title not updating when replying to an individual
#51123 - commonL10n and other JS globals removed without backwards compatibility
#50848 - Clarify the usage of null for auto_update_{$type} filter
#51081 - Fatal Error - Undefined get_page_templates() in Customizer
#51154 - sitemaps should be initialized before each test is run
#51028 - Dot should be out of the quotes
Block editor changes from GitHub:
PR24609 - Fix missing selected block highlighting in list view
PR24599 - Fix specificity for buttons with outline style and background colors
PR24533 - Fix incorrect aria description in List View
PR24516 - Fix regression bug for category select in QueryControls component
PR24478 - Fix tiny editor preview when using Mobile or Tablet options with metaboxes enabled
|
|
|
|
Changelog:
19.0.3
Changes
Fix possible leaking scope in Flow (server#22410)
Combine body-login rules in theming and fix twofactor and guest styling on bright colors (server#22427)
Show better quota warning for group folders and external storage (server#22442)
Add php docs build script (server#22448)
Fix clicks on actions menu of non opaque file rows in acceptance tests (server#22503)
Fix writing BLOBs to postgres with recent contacts interaction (server#22515)
Set the mount id before calling storage wrapper (server#22519)
Fix S3 error handling (server#22521)
Only disable zip64 if the size is known (server#22537)
Change free space calculation (server#22553)
Do not keep the part file if the forbidden exception has no retry set (server#22560)
Fix app password updating out of bounds (server#22569)
Use the correct root to determinate the webroot for the resource (server#22579)
Upgrade icewind/smb to 3.2.7 (server#22581)
Bump elliptic from 6.4.1 to 6.5.3 (notifications#732)
Fixes regression that prevented you from toggling the encryption flag (privacy#489)
Match any non-whitespace character in filesystem pattern (serverinfo#229)
Catch StorageNotAvailable exceptions (text#1001)
Harden read only check on public endpoints (text#1017)
Harden check when using token from memcache (text#1020)
Sessionid is an int (text#1029)
Only overwrite Ctrl-f when text is focussed (text#990)
Set the X-Requested-With header on dav requests (viewer#582)
19.0.2
Changes
Lower minimum search length to 2 characters (server#21782)
Call openssl_pkey_export with $config and log errors. (server#21804)
Improve error reporting on sharing errors (server#21806)
Do not log RequestedRangeNotSatisfiable exceptions in DAV (server#21840)
Fix parsing of language code (server#21857)
Fix typo in revokeShare() (server#21876)
Discourage webauthn user interaction (server#21917)
Encryption is ready if master key is enabled (server#21935)
Disable fragile comments tests (server#21939)
Do not double encode the userid in webauthn login (server#21953)
Update icewind/smb to 3.2.6 (server#21955)
Respect default share permissions (server#21967)
allow admin to configure the max trashbin size (server#21975)
Fix risky test in twofactor_backupcodes (server#21978)
Fix PHPUnit deprecation warnings (server#21981)
Fix moving files from external storage to object store trashbin (server#21983)
Ignore whitespace in sharing by mail (server#21991)
Properly fetch translation for remote wipe confirmation dialog (server#22036)
Parse_url returns null in case a parameter is not found (server#22044)
Bump elliptic from 6.5.2 to 6.5.3 (server#22050)
Correctly remove usergroup shares on removing group members (server#22053)
Fix height to big for iPhone when using many apps (server#22064)
Reset the cookie internally in new API when abandoning paged results op (server#22069)
Add Guzzle's InvalidArgumentException (server#22070)
Contactsmanager shall limit number of results early (server#22091)
Fix browser freeze on long password input (server#22094)
Search also the email and displayname in user mangement for groups (server#22118)
Ensured large image is unloaded from memory when generating previews (server#22121)
Fix display of remote users in incoming share notifications (server#22131)
Reuse cache for directory mtime/size if filesystem changes can be ignored (server#22171)
Remove unexpected argument (server#22178)
Do not exit if available space cannot be determined on file transfer (server#22181)
Fix empty 'more' apps navigation after installing an app (server#22183)
Fix default log_rotate_size in config.sample.php (server#22192)
shortcut in reading nested group members when IN_CHAIN is available (server#22203)
Fix chmod on file descriptor (server#22208)
Do clearstatcache() on rmdir (server#22209)
SSE enhancement of file signature (server#22210)
Remove logging message carrying no valuable information (server#22215)
Add app config option to disable "Email was changed by admin" activity (server#22232)
Delete chunks if the move on an upload failed (server#22239)
Silence duplicate session warnings (server#22247)
Doctrine: Fix unquoted stmt fragments backslash escaping (server#22252)
Allow to disable share emails (server#22300)
Show disabled user count in occ user:report (server#22302)
Bump 3rdparty to last stable19 commit (server#22303)
Fixing a logged deprecation message (server#22309)
CalDAV: Add ability to limit sharing to owner (server#22333)
Only copy the link when updating a share or no password was forced (server#22337)
Remove encryption option for nextcloud external storage (server#22341)
L10n:Correct appid for WebAuthn (server#22348)
Properly search for users when limittogroups is enabled (server#22355)
SSE: make legacy format opt in (server#22381)
Update the CRL (server#22387)
Fix missing FN from federated contact (server#22400)
Fix event icon sizes and text alignment (server#22414)
Bump stecman/symfony-console-completion from 0.8.0 to 0.11.0 (3rdparty#457)
Add Guzzle's InvalidArgumentException (3rdparty#474)
Doctrine: Fix unquoted stmt fragments backslash escaping (3rdparty#486)
Fix cypress (viewer#545)
Move to webpack vue global config & bump deps (viewer#558)
|
|
Logswan 2.1.7 (2020-09-17)
- Add a Perl program to generate an example MMDB database for testing
- Add a new test case to exercise the IP geolocation codepaths
- Add support for seccomp on arm
- Add missing test for __NR_mmap, the mmap syscall doesn't exist on arm
|
|
|
|
|
|
CHANGELOG for gnurl-7.72.0 released 2020-09-16 (curl 7.72.0)
------------------------------------------------------------
gnurl:
No significant changes
curl:
Fixed in 7.72.0 - August 19 2020
Changes:
content_encoding: add zstd decoding support
CURL_PUSH_ERROROUT: allow the push callback to fail the parent stream
CURLINFO_EFFECTIVE_METHOD: added
Bugfixes:
CVE-2020-8231: libcurl: wrong connect-only connection
appveyor: collect libcurl.dll variants with prefix or suffix
asyn-ares: correct some bad comments
bearssl: fix build with disabled proxy support
buildconf: avoid array concatenation in die()
buildconf: retire ares buildconf invocation
checksrc: ban gmtime/localtime
checksrc: invoke script with -D to find .checksrc proper
CI/azure: install libssh2 for use with msys2-based builds
CI/azure: unconditionally enable warnings-as-errors with autotools
CI/macos: enable warnings as errors for CMake builds
CI/macos: set minimum macOS version
CI/macos: unconditionally enable warnings-as-errors with autotools
CI: Add muse CI analyzer
cirrus-ci: upgrade 11-STABLE to 11.4
CMake: don't complain about missing nroff
CMake: fix test for warning suppressions
cmake: fix windows xp build
configure.ac: Sort features name in summary
configure: allow disabling warnings
configure: cleanup wolfssl + pkg-config conflicts when cross compiling.
configure: show zstd "no" in summary when built without it
connect: remove redundant message about connect failure
curl-config: ignore REQUIRE_LIB_DEPS in --libs output
curl.1: add a few missing valid exit codes
curl: add %{method} to the -w variables
curl: improve the existing file check with -J
curl_multi_setopt: fix compiler warning "result is always false"
curl_version_info.3: CURL_VERSION_KERBEROS4 is deprecated
CURLINFO_CERTINFO.3: fix typo
CURLOPT_NOBODY.3: clarify what setting to 0 means
docs: add date of 7.20 to CURLM_CALL_MULTI_PERFORM mentions
docs: Add video link to docs/CONTRIBUTE.md
docs: change "web site" to "website"
docs: clarify MAX_SEND/RECV_SPEED functionality
docs: Update a few leftover mentions of DarwinSSL
doh: remove redundant cast
file2memory: use a define instead of -1 unsigned value
ftp: don't do ssl_shutdown instead of ssl_close
ftpserver: don't verify SMTP MAIL FROM names
getinfo: reset retry-after value in initinfo
gnutls: repair the build with `CURL_DISABLE_PROXY`
gtls: survive not being able to get name/issuer
h2: repair trailer handling
http2: close the http2 connection when no more requests may be sent
http2: fix nghttp2_strerror -> nghttp2_http2_strerror in debug messages
libssh2: s/ssherr/sftperr/
libtest/Makefile.am: add -no-undefined for libstubgss for Cygwin
md(4|5): don't use deprecated macOS functions
mprintf: Fix dollar string handling
mprintf: Fix stack overflows
multi: Condition 'extrawait' is always true
multi: Remove 10-year old out-commented code
multi: remove two checks always true
multi: update comment to say easyp list is linear
multi_remove_handle: close unused connect-only connections
ngtcp2: adapt to error code rename
ngtcp2: adjust to recent sockaddr updates
ngtcp2: update to modified qlog callback prototype
nss: fix build with disabled proxy support
ntlm: free target_info before (re-)malloc
openssl: fix build with LibreSSL < 2.9.1
page-header: provide protocol details in the curl.1 man page
quiche: handle calling disconnect twice
runtests.pl: treat LibreSSL and BoringSSL as OpenSSL
runtests: move the gnutls-serv tests to a dynamic port
runtests: move the smbserver to use a dynamic port number
runtests: move the TELNET server to a dynamic port
runtests: run the DICT server on a random port number
runtests: run the http2 tests on a random port number
runtests: support dynamicly base64 encoded sections in tests
setopt: unset NOBODY switches to GET if still HEAD
smtp_parse_address: handle blank input string properly
socks: use size_t for size variable
strdup: remove the odd strlen check
test1119: verify stdout in the test
test1139: make it display the difference on test failures
test1140: compare stdout
test1908: treat file as text
tests/FILEFORMAT.md: mention %HTTP2PORT
tests/sshserver.pl: fix compatibility with OpenSSH for Windows
TLS naming: fix more Winssl and Darwinssl leftovers
tls-max.d: this option is only for TLS-using connections
tlsv1.3.d. only for TLS-using connections
tool_doswin: Simplify Windows version detection
tool_getparam: make --krb option work again
TrackMemory tests: ignore realloc and free in getenv.c
transfer: fix data_pending for builds with both h2 and h3 enabled
transfer: fix memory-leak with CURLOPT_CURLU in a duped handle
transfer: move retrycount from connect struct to easy handle
travis/script.sh: fix use of `-n' with unquoted envvar
travis: add ppc64le and s390x builds
travis: update quiche builds for new boringssl layout
url: fix CURLU and location following
url: silence MSVC warning
util: silence conversion warnings
win32: Add Curl_verify_windows_version() to curlx
WIN32: stop forcing narrow-character API
windows: add unicode to feature list
windows: disable Unix Sockets for old mingw
Fixed in 7.71.1 - July 1 2020
Bugfixes:
cirrus-ci: disable FreeBSD 13 (again)
Curl_inet_ntop: always check the return code
CURLOPT_READFUNCTION.3: provide the upload data size up front
DYNBUF.md: fix a typo: trail => tail
escape: make the URL decode able to reject only %00-bytes
escape: zero length input should return a zero length output
examples/multithread.c: call curl_global_cleanup()
http2: set the correct URL in pushed transfers
http: fix proxy auth with blank password
mbedtls: fix build with disabled proxy support
ngtcp2: sync with current master
openssl: Fix compilation on Windows when ngtcp2 is enabled
Revert "multi: implement wait using winsock events"
sendf: improve the message on client write errors
terminology: call them null-terminated strings
tool_cb_hdr: Fix etag warning output and return code
url: allow user + password to contain "control codes" for HTTP(S)
vtls: compare cert blob when finding a connection to reuse
Fixed in 7.71.0 - June 24 2020
Changes:
CURLOPT_SSL_OPTIONS: optional use of Windows' CA store (with openssl)
setopt: add CURLOPT_PROXY_ISSUERCERT(_BLOB) for coherency
setopt: support certificate options in memory with struct curl_blob
tool: Add option --retry-all-errors to retry on any error
Bugfixes:
*_sspi: fix bad uses of CURLE_NOT_BUILT_IN
all: fix codespell errors
altsvc: bump to h3-29
altsvc: fix 'dsthost' may be used uninitialized in this function
altsvc: fix parser for lines ending with CRLF
altsvc: remove the num field from the altsvc struct
appveyor: add non-debug plain autotools-based build
appveyor: disable flaky test 1501 and ignore broken 1056
appveyor: disable test 1139 instead of ignoring it
asyn-*: remove support for never-used NULL entry pointers
azure: use matrix strategy to avoid configuration redundancy
build: disable more code/data when built without proxy support
buildconf: remove -print from the find command that removes files
checksrc: enhance the ASTERISKSPACE and update code accordingly
CI/macos: fix 'is already installed' errors by using bundle
cirrus: disable SFTP and SCP tests
CMake: add ENABLE_ALT_SVC option
CMake: add HTTP/3 support (ngtcp2+nghttp3, quiche)
CMake: add libssh build support
CMake: do not build test programs by default
CMake: fix runtests.pl with CMake, add new test targets
CMake: ignore INTERFACE_LIBRARY targets for pkg-config file
CMake: rebuild Makefile.inc.cmake when Makefile.inc changes
CODE_REVIEW.md: how to do code reviews in curl
configure: fix pthread check with static boringssl
configure: for wolfSSL, check for the DES func needed for NTLM
configure: only strip first -L from LDFLAGS
configure: repair the check if argv can be written to
configure: the wolfssh backend does not provide SCP
connect: improve happy eyeballs handling
connect: make happy eyeballs work for QUIC (again)
curl.1: Quote globbed URLs
curl: remove -J "informational" written on stdout
Curl_addrinfo: use one malloc instead of three
CURLINFO_ACTIVESOCKET.3: clarify the description
doc: add missing closing parenthesis in CURLINFO_SSL_VERIFYRESULT.3
doc: Rename VERSIONS to VERSIONS.md as it already has Markdown syntax
docs/HTTP3: add qlog to the quiche build instruction
docs/options-in-versions: which version added each cmdline option
docs: unify protocol lists
dynbuf: introduce internal generic dynamic buffer functions
easy: fix dangling pointer on easy_perform fail
examples/ephiperfifo: turn off interval when setting timerfd
examples/http2-down/upload: add error checks
examples: remove asiohiper.cpp
FILEFORMAT: add more features that tests can depend on
FILEFORMAT: describe verify/stderr
ftp: make domore_getsock() return the secondary socket properly
ftp: mark return-ignoring calls to Curl_GetFTPResponse with (void)
ftp: shut down the secondary connection properly when SSL is used
GnuTLS: Backend support for CURLINFO_SSL_VERIFYRESULT
hostip: make Curl_printable_address not return anything
hostip: on macOS avoid DoH when given a numerical IP address
http2: keep trying to send pending frames after req.upload_done
http2: simplify and clean up trailer handling
HTTP3.md: clarify cargo build directory
http: move header storage to Curl_easy from connectdata
libcurl.pc: Merge Libs.private into Libs for static-only builds
libssh2: improved error output for wrong quote syntax
libssh2: keep sftp errors as 'unsigned long'
libssh2: set the expected total size in SCP upload init
libtest/cmake: Remove commented code
list-only.d: this option existed already in 4.0
manpage: add three missing environment variables
multi: add defensive check on data->multi->num_alive
multi: implement wait using winsock events
ngtcp2: cleanup memory when failing to connect
ngtcp2: fix build with current ngtcp2 master implementing draft 28
ngtcp2: fix happy eyeballs quic connect crash
ngtcp2: introduce qlog support
ngtcp2: never call fprintf() in lib code in release version
ngtcp2: update with recent API changes
ntlm: enable NTLM support with wolfSSL
OpenSSL: have CURLOPT_CRLFILE imply CURLSSLOPT_NO_PARTIALCHAIN
openssl: set FLAG_TRUSTED_FIRST unconditionally
projects: Add crypt32.lib to dependencies for all OpenSSL configs
quiche: clean up memory properly when failing to connect
quiche: enable qlog output
quiche: update SSLKEYLOGFILE support
Revert "buildconf: use find -execdir"
Revert "ssh: ignore timeouts during disconnect"
runtests: remove sleep calls
runtests: show elapsed test time with higher precision (ms)
select: always use Sleep in Curl_wait_ms on Win32
select: fix overflow protection in Curl_socket_check
sendf: make failf() use the mvsnprintf() return code
server/sws: fix asan warning on use of uninitialized variable
server/util: fix logmsg format using curl_off_t argument
sha256: fixed potentially uninitialized variable
share: don not set the share flag it something fails
sockfilt: make select_ws stop waiting on exit signal event
socks: detect connection close during handshake
socks: fix expected length of SOCKS5 reply
socks: remove unreachable breaks in socks.c and mime.c
source cleanup: remove all custom typedef structs
test1167: fixes in badsymbols.pl
test1177: look for curl.h in source directory
test1238: avoid tftpd being busy for tests shortly following
test613.pl: make tests 613 and 614 work with OpenSSH for Windows
test75: Remove precheck test
tests: add https-proxy support to the test suite
tests: add support for SSH server variant specific transfer paths
tests: add two simple tests for --login-options
tests: make test 1248 + 1249 use %NOLISTENPORT
tests: pick a random port number for SSH
tests: run stunnel for HTTPS and FTPS on dynamic ports
timeouts: change millisecond timeouts to timediff_t from time_t
timeouts: move ms timeouts to timediff_t from int and long
tool: fixup a few --help descriptions
tool: support UTF-16 command line on Windows
tool_cfgable: free login_options at exit
tool_getparam: -i is not OK if -J is used
tool_getparam: fix memory leak in parse_args
tool_operate: fixed potentially uninitialized variables
tool_paramhlp: fixed potentially uninitialized strtol() variable
transfer: close connection after excess data has been read
travis: add "qlog" as feature in the quiche build
travis: Add ngtcp2 and quiche tests for CMake
travis: upgrade to bionic, clang-9, improve readability
typecheck-gcc.h: CURLINFO_PRIVATE does not need a 'char *'
unit1604.c: fix implicit conv from 'SANITIZEcode' to 'CURLcode'
url: accept "any length" credentials for proxy auth
url: alloc the download buffer at transfer start
url: make the updated credentials URL-encoded in the URL
url: reject too long input when parsing credentials
url: sort the protocol schemes in rough popularity order
urlapi: accept :: as a valid IPv6 address
urldata: leave the HTTP method untouched in the set.* struct
urlglob: treat literal IPv6 addresses with zone IDs as a host name
user-agent.d: spell out what happens given a blank argument
vauth/cleartext: fix theoretical integer overflow
version.d: expanded and alpha-sorted
vtls: Extract and simplify key log file handling from OpenSSL
wolfssl: add SSLKEYLOGFILE support
wording: avoid blacklist/whitelist stereotypes
write-out.d: added "response_code"
|
|
|
|
|
|
|
|
Update ruby-unicorn package to 5.7.0.
5.7.0 (2020-09-08)
Changes:
unicorn 5.7.0
Relaxed Ruby version requirements for Ruby 3.0.0dev.
Thanks to Jean Boussier for testing
5.6.0 (2020-07-26)
Changes:
unicorn 5.6.0 - early_hints support
This release adds support for the early_hints configurator
directive for the 'rack.early_hints' API used by Rails 5.2+.
Thanks to Jean Boussier for the patch.
|
|
Update ruby-sinatra and ruby-sinatra-contrib package to 2.1.0.
2.1.0 / 2020-09-05
* Fix additional Ruby 2.7 keyword warnings #1586 by Stefan Sundin
* Drop Ruby 2.2 support #1455 by Eloy Pérez
* Add default_content_type setting. Fixes #1238 #1239 by Mike Pastore
* Allow set :<engine> in sinatra-namespace #1255 by Christian Höppner
* Use prepend instead of include for helpers. Fixes #1213 #1214 by Mike
Pastore
* Fix issue with passed routes and provides Fixes #1095 #1606 by Mike
Pastore, Jordan Owens
* Add QuietLogger that excludes pathes from Rack::CommonLogger 1250 by
Christoph Wagner
* Sinatra::Contrib dependency updates. Fixes #1207 #1411 by Mike Pastore
* Allow CSP to fallback to default-src. Fixes #1484 #1490 by Jordan Owens
* Replace origin_whitelist with permitted_origins. Closes #1620 #1625 by
rhymes
* Use Rainbows instead of thin for async/stream features. Closes #1624 #1627
by Ryuichi KAWAMATA
* Enable EscapedParams if passed via settings. Closes #1615 #1632 by Anders
Bälter
* Support for parameters in mime types. Fixes #1141 by John Hope
* Handle null byte when serving static files #1574 by Kush Fanikiso
* Improve development support and documentation and source code by Olle
Jonsson, Pierre-Adrien Buisson, Shota Iguchi
|
|
Update ruby-rack-protection package to 2.1.0.
2.1.0 (2020-09-05)
* Add Rack::Protection::ReferrerPolicy #1291 by Stefan Sundin
|
|
Update ruby-puma to 4.3.6.
## 4.3.6 / 2020-09-05
* Bugfixes
* Explicitly include ctype.h to fix compilation warning and build error on
macOS with Xcode 12 (#2304)
* Don't require json at boot (#2269)
|
|
Update ruby-loofah package to 2.7.0.
2.7.0 / 2020-08-26
Features
* Allow CSS properties page-break-before, page-break-inside, and
page-break-after. [#190] (Thanks, @ahorek!)
Fixes
* Don't drop the !important rule from some CSS properties. [#191] (Thanks,
@b7kich!)
|
