Age | Commit message (Collapse) | Author | Files | Lines |
|
**Backwards incompatible changes**
- clean: The list of ``ALLOWED_PROTOCOLS`` now defaults to http, https and
mailto. Previously it was a long list of protocols something like ed2k, ftp,
http, https, irc, mailto, news, gopher, nntp, telnet, webcal, xmpp, callto,
feed, urn, aim, rsync, tag, ssh, sftp, rtsp, afs, data.
**Changes**
- clean: Added ``protocols`` to arguments list to let you override the list of
allowed protocols. Thank you, Andreas Malecki!
- linkify: Fix a bug involving periods at the end of an email address. Thank you,
Lorenz Schori!
- linkify: Fix linkification of non-ascii ports. Thank you Alexandre, Macabies!
- linkify: Fix linkify inappropriately removing node tails when dropping nodes.
- Fixed a test that failed periodically.
- Switched from nose to py.test.
- Add test matrix for all supported Python and html5lib versions.
- Limit to html5lib ``>=0.999,!=0.9999,!=0.99999,<0.99999999`` because 0.9999
and 0.99999 are busted.
- Add support for ``python setup.py test``.
|
|
taken from firefox.
PKGREVISION -> 7.
|
|
Many of these definitely do not depend on readline.
So there must be a different underlying problem, and that
should be tracked down instead of papering over it.
|
|
Changes:
o accomodate for differing dependencies:
+ graphics/gifsicle as a bug workaround
+ devel/flim (this was an implicite dependency through devel/semi)
- devel/{apel,semi}, editors/mule-ucs contained in xemacs-packages
o conditional PLIST changes for differing installation paths
Tested with xemacs 21.4 and emacs 22
|
|
Bump PKGREVISION.
|
|
Upstream changes:
0.18 2016-10-03T04:36:04Z
- Use a better tempdir, fix some documentation, and make json test more readable #4 (Thank you karenetheridge)
|
|
Add missing DEPENDS
Upstream changes:
0.19 2016-11-08 08:08:16 Europe/Copenhagen
- The standard is not clear on this, and some servers don't allow them, but it seems that DELETE can take a request body.
- Added serializer_options so it's possible to instantiate the serializer w/ parameters
- Fixed "Use of uninitialized value in concatenation (.) or string" warning when $self->server is not initialized
- Changes for rt #118413. Thanks to abraxxa
http_headers return a combined hashref of http_headers and persistent_headers
new method, clear_all_headers
|
|
Upstream changes:
7.11 2016-11-30
- Added EXPERIMENTAL close_idle_connections method to Mojo::Server::Daemon.
- Improved one_tick method in Mojo::IOLoop to protect from recursion, similar
to the start method.
- Improved log attribute in Mojolicious to make it easier to override default
settings. (jberger)
- Fixed bug in Mojo::Server::Prefork where workers would accept keep-alive
requests after a graceful shutdown had already been initiated.
- Fixed bugs in Mojo::Util and Mojo::Asset::File where incomplete writes would
not be recognized as errors. (bobkare, sri)
|
|
|
|
Upstream changes:
Major features
Highlights
MDL-55071, MDL-55074 - New "Boost" Bootstrap 4 theme, usability improvements of the navigation
MDL-54682 - Messaging UI improvements
MDL-52777 - User tours - walkthoughs/instructional overlays for first time user on page
MDL-38158 - Pluggable media players in Moodle; Video.JS player
MDL-55324 - Easier embedding videos in audios in Atto editor with poster, subtitles and other attributes
MDL-54987 - New chart API and library
Mobile app
MDL-53870 - Support for offline quizzes in the Mobile app
MDL-53777 - Include support for login via the browser in the new Moodle Mobile admin tool
MDL-55059 - Support Smart App Banners for iOS
MDL-56607 - Move mobile settings to top-level admin
External tool (LTI)
MDL-49609 - Add LTI Content Item support
MDL-47113 - Open LTI Tools in new Window, add link when popup is blocked
MDL-53832 - LTI v2.0 support
Assignment
MDL-38105 - Allow negative score for rubric and change default grade calculation method
MDL-29795 - Assignment deadline overrides for an individual or group
MDL-54872 - Sort blind marked assignment by blind ID instead of userid
Quiz
MDL-48629 - Change the separator for matching correct answer feedback
MDL-3782 - Allow multiple answers in cloze MULTICHOICE question type
MDL-55200 - Show coordinates in ddmarker questions to simplify dropzone creation
MDL-27072 - Quiz reports now work on very large courses, rather than running out of memory
Choice
MDL-18592 - Allow teacher to make choices for students
MDL-11369 - Show choice deadline in the course calendar
MDL-55140 - Allow to specify open and close dates separately
MDL-37946 - When choice display is set horizontal or vertical apply it to both options and results display
Forum
MDL-18599 - Upon restore, association of "owner" of single simple discussion forum type defaults to user completing restore. Solution: hide author of the first post
MDL-37669 - Forum: Make "Mark as read on notification" a user preference
MDL-55982 - Add support for automatic locking of an individual forum discussion after a period of inactivity
Other activity modules
MDL-55327 - Lesson: option to duplicate pages
MDL-55868 - Book: various usability improvements
MDL-56100 - Folder: Display in recent activity block
MDL-54945 - Workshop: integrate with portfolio API
MDL-48944 - Survey: activity completion condition on survey completion
MDL-44712 - SCORM: improve Multi-SCO completion handing in activity completion
MDL-55158 - Database activity: add start and end dates to the calendar
MDL-14448, MDL-55464, MDL-55254, MDL-55251, MDL-49029 - Add standard capability "mod/xxxxx:view" to Lesson, Label, Database, Chat and Choice activities
MDL-55866 - Remember editor disabled setting on a per-activity setting
Global search
MDL-54794 - Add users to global search
MDL-54973 - Add messages to global search
MDL-55127 - Add database entries to global search
MDL-53222 - Revise admin settings/report for global search for improved usability
Other improvements
MDL-30179 - Allow teacher to toggle to/from "user view" in the User report in the gradebook (some items may be hidden for students but not teachers)
MDL-53048 - New "password" fields that are not auto-filled by password managers
MDL-55767 - Competency frameworks import
MDL-29110 - Specify welcome email sender in enrol_self, or send emails from system noreply address
MDL-22078 - Store "End date" for each course to be used in reports and analytics
MDL-53399 - 'Activity chooser off/on' option moved to user preferences
MDL-54751 - Introduce asynchronous module deletion so that recycle bin backup does not slow down editing process for the teacher
MDL-55981 - By default non-editing teacher should not be able to access all groups (roles in upgraded sites are not changed)
MDL-31356 - IMS Enterprise enrol plugin added features
MDL-43230 - Support revoking awarded badges
MDL-50286 - Allow to filter report_log by origin : Logs clogged up with events listed as origin cli
MDL-51749 - Add Ability to Export Calendar for user or group events
MDL-50888 - Antivirus: Implement ClamAV virus scanning using unix sockets.
MDL-54617 - Always show count of online users in the online users block
MDL-54680 - Offer cartridges in LTI provider
For administrators
Please read carefully: Possible issues that may affect you in Moodle 3.2
MDL-44467 - Return-Path should use no-reply address instead of support email; use only no-reply email or allowed domains in "From" header
MDL-48468 - Add a Redis cache store to Moodle core
MDL-39117 - Add a APCu cache store to Moodle core
MDL-54947 - Update PostgreSQL binary (bytea) handling and improve connection performance
MDL-48766 - Support IPv6 in IP lookup tool
MDL-55124 - Support for connection pooler (pgbouncer) in PostgreSQL connection
MDL-55916 - Maintenance mode should serve a http 503 instead of a 200
MDL-54606 - Sessions: Add support for Redis as a session_class_handler
MDL-53366 - Antivirus clamav: Remove "Quarantine directory" settings parameter.
MDL-55791 - Add capability to allow certain users through Maintenance mode
Plugins removal
If you are using any of the following you need to download and install the plugins or otherwise they will be removed following 3.2 upgrade:
MDL-55837 - Themes Base and Canvas - these themes can not be used by themselves but they may be used as parent themes
MDL-49533 - Repository Alfresco for Alfresco 4.2 and below, see Alfresco repository documentation
MDL-55927 - Authentication method Radius. This plugin uses mcrypt library and is not compatible with PHP 7.1
MDL-38158 - Media players Flowplayer, Windows media player, RealPlayer, Quicktime - these media players were present in Moodle 3.1 but removed in 3.2. They need to be installed in media/player directory
Web services
MDL-31465 - Incorporate user suspension into web services
MDL-45639 - Web Service for SSO (auto-login from the app to the site)
MDL-55923 - Improve the behavior of deleted tokens on password reset
MDL-55928 - New Web Service gradereport_user_get_grade_items
MDL-55100 - New Web Service core_course_get_courses_by_field
For developers
MDL-55071, MDL-55074 - New "Boost" Bootstrap 4 theme, block and navigation changes (see Boost_Navigation and Themes)
MDL-38158 - Introduction of Media players plugin type (see Media players)
MDL-50937 - JQuery updated to version 3.1 (see jQuery)
MDL-54987 - New chart API and library (see Charts_API)
MDL-55727 - AMD modal module introduced (see AMD Modal documentation)
MDL-52127 - Linting for Javascript with ESLint (see Linting Javascript)
MDL-55058 - Linting for CSS with stylelint (see Linting CSS)
MDL-48114 - Moodle can now be downloaded via composer (see Composer)
MDL-55091 - phpunit has been upgraded to 5.x
MDL-55072 - Behat now supports different themes. (See Running_acceptance_test)
MDL-55048 - Grunt and npm build dependencies now require node version 4 or above
MDL-31243 - New get_with_capability_sql function for retrieving SQL for finding users with capability in the given context
MDL-49599 - Boxnet v1 API is now deprecated
MDL-53306 - New authentication plugin method added which is called before user login
MDL-47162 - Course ID is now required in message events
MDL-55141 - Debugging option added for scheduled tasks from CLI (see Scheduled tasks documentation)
MDL-54941 - Add filesize as a new field returned in all the Web Services returning file information
MDL-56082 - Expose external authentication methods (loginpage_idp_list) in login block (see Authentication plugins)
|
|
|
|
besides not being defined on NetBSD (where it is EBADF), it doesn't
make sense to test for it.
From kre in PR pkg/51666
|
|
This will likely fix PR pkg/51697: www/serf fails to package on Solaris
|
|
|
|
|
|
Contao is an Open Source Content Management Framework developed by Leo Feyer
and distributed under the LGPL license (see GPL.txt and LGPL.txt for more
information). It was formerly known as TYPOlight Open Source CMS.
Its open architecture allows everybody to extend the system to fit his
needs. Contao specializes in accessible websites and is accessbile
itself (front end and back end), rendering valid HTML5 or XHTML pages.
Contao 4.3 is fourth minor release of Contao 4, which has incompatible API
from Contao 3.
* Now Contao is Symfony bundle.
* Contao 4 dose not use .htaccess files for protexting directory.
* DocumentRoot is "web" subdirecotry.
* XHTML support has gone, HTML5 only.
* Schema.org markup support.
Additionally, these new features from 4.2.
* Flexible custom layout sections
* Save and duplicate
* Running events
* Template for form
* Image meta data
* HTTP/2 support
* Handling preview of protected elements
* And more...
|
|
|
|
Merged the updates from the new package to the old one. Updated the Tryton
dependency which uses it.
|
|
new packages. Most of which are the remaining modules of the Tryton
platform which weren't packaged. The others are dependencies of the new
modules. This was tested on FreeBSD and is based in large part on Richard
Palo's (richard@) work. This is the most recent release of the Tryton
platform, version 4.2. There's a very large list of changes from the 3.8
series we have in pkgsrc. If you're interested, those functional changes
can be found here:
http://www.tryton.org/posts/new-tryton-release-42.html
http://www.tryton.org/posts/new-tryton-release-40.html
|
|
|
|
|
|
|
|
Solves:
/usr/libexec/binutils225/elf/ld.gold: error: cannot find -lreadline
The missing specification is obvious on DragonFly because there's
no publically accessible version of readline in base.
|
|
|
|
|
|
|
|
* Sync with firefox45-45.5.1
|
|
Changelog:
45.5.1:
#CVE-2016-9079: Use-after-free in SVG Animation
45.5.0:
#CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
#CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink
#CVE-2016-5294: Arbitrary target directory for result files of update process
#CVE-2016-5297: Incorrect argument length checking in JavaScript
#CVE-2016-9064: Add-ons update must verify IDs match between current and new versions
#CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
#CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
#CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
#CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
|
|
* Sync with firefox-50.0.2
|
|
* Change default audio support to ALSA.
You can use OSS or pulseaudio via ALSA plugin package.
Changelog:
50.0.2:
Fixed in Firefox 50.0.2
#CVE-2016-9079: Use-after-free in SVG Animation
50.0.1:
Fixed
*Firefox crashes with 3rd party Chinese IME when using IME text
Security vulnerabilities fixed in Firefox 50.0.1:
#CVE-2016-9078: data: URL can inherit wrong origin after an HTTP redirect
50.0:
New
*Playback video on more sites without plugins with WebM EME Support for Widevine on Windows and Mac
*Improved performance for SDK extensions or extensions using the SDK module loader
*Added download protection for a large number of executable file types on Windows, Mac and Linux
*Increased availability of WebGL to more than 98 percent of users on Windows 7 and newer
*Added Guarani (gn) locale
*Added option to Find in page that allows users to limit search to whole words only
*Updates to keyboard shortcuts
*Set a preference to have Ctrl+Tab cycle through tabs in recently used order
*View a page in Reader Mode by using Ctrl+Alt+R (command+alt+r on Mac)
Fixed
*Login cookies are now saved for sites with a high number of cookies (Bug 1264192)
*Various security fixes
*Fixed rendering of dashed and dotted borders with rounded corners (border-radius)
Changed
*The link to check for plugin security updates has been removed from the addon manager as Firefox automatically checks for plugin updates
*Blocked versions of libavcodec older than 54.35.1
*Added a built-in Emoji set for operating systems without native Emoji fonts (Windows 8.0 and lower and Linux)
Developer
*Changes for web developers
Security vulnerabilities fixed in Firefox 50:
#CVE-2016-5296: Heap-buffer-overflow WRITE in rasterize_edges_1
#CVE-2016-5292: URL parsing causes crash
#CVE-2016-5293: Write to arbitrary file with Mozilla Updater and Maintenance Service using updater.log hardlink
#CVE-2016-5294: Arbitrary target directory for result files of update process
#CVE-2016-5297: Incorrect argument length checking in JavaScript
#CVE-2016-9064: Add-ons update must verify IDs match between current and new versions
#CVE-2016-9065: Firefox for Android location bar spoofing using fullscreen
#CVE-2016-9066: Integer overflow leading to a buffer overflow in nsScriptLoadHandler
#CVE-2016-9067: heap-use-after-free in nsINode::ReplaceOrInsertBefore
#CVE-2016-9068: heap-use-after-free in nsRefreshDriver
#CVE-2016-9072: 64-bit NPAPI sandbox isn't enabled on fresh profile
#CVE-2016-9075: WebExtensions can access the mozAddonManager API and use it to gain elevated privileges
#CVE-2016-9077: Canvas filters allow feDisplacementMaps to be applied to cross-origin images, allowing timing attacks on them
#CVE-2016-5291: Same-origin policy violation using local HTML file and saved shortcut file
#CVE-2016-5295: Mozilla Maintenance Service: Ability to read arbitrary files as SYSTEM
#CVE-2016-5298: SSL indicator can mislead the user about the real URL visited
#CVE-2016-5299: Firefox AuthToken in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissionsPI key (glocation) in broadcast protected with signature-level permission can be accessed by an application installed beforehand that defines the same permissions
#CVE-2016-9062: Private browsing browser traces (Android) in browser.db and wal file
#CVE-2016-9070: Sidebar bookmark can have reference to chrome window
#CVE-2016-9073: windows.create schema doesn't specify "format": "relativeUrl"
#CVE-2016-9074: Insufficient timing side-channel resistance in divSpoiler
#CVE-2016-9076: select dropdown menu can be used for URL bar spoofing on e10s
#CVE-2016-9063: Possible integer overflow to fix inside XML_Parse in Expat
#CVE-2016-9071: Probe browser history via HSTS/301 redirect + CSP
#CVE-2016-5289: Memory safety bugs fixed in Firefox 50
#CVE-2016-5290: Memory safety bugs fixed in Firefox 50 and Firefox ESR 45.5
|
|
Upstream changes:
== MediaWiki 1.28 ==
=== Changes since 1.28.0-rc1 ===
* (T148957) Replace wgShowExceptionDetails with wgShowDBErrorBacktrace on db
errors.
* (T148956) Only apply wgDBschema to postgres/mssql.
* (T145991) Introduce separate log action for deleting pages on move.
* (T141474) (T110464) Bypass login page if no user input is required.
=== Changes since 1.28.0-rc0 ===
* (T142210) The changes to move the parser "NewPP limit report" from a HTML
comment to a machine-readable JavaScript config option 'wgPageParseReport'
have been undone. They caused the human-readable limit report to be shown
incompletely or not at all. ParserOutput::setLimitReportData() and
getLimitReportData() behave as they did in MediaWiki 1.27 again.
* (T149510) Value of {{DISPLAYTITLE:}} parser function will not be used for
the text of subheadings on a category page when creating it. This wasn't
working correctly.
* (T106793) MediaWiki will no longer try to perform a HTTP redirect to the
canonical pretty URL when a non-pretty URL is used. It resulted in redirect
loops in some clients and in some server configurations. This undoes a change
made in MediaWiki 1.26.
* (T149759) manifest_version: 2 was removed.
=== Configuration changes in 1.28 ===
* $wgSend404Code now affects status code of action=history if the page is not there.
* BREAKING CHANGE: $wgHTTPProxy is now *required* for all external requests
made by MediaWiki via a proxy. Relying on the http_proxy environment
variable is no longer supported.
* The load.php entry point now enforces the existing policy of not allowing
access to session data, which includes the session user and the session
user's language. If such access is attempted, an exception will be thrown.
* The number of internal PBKDF2 iterations used to derive the session secret
is configurable via $wgSessionPbkdf2Iterations.
* Upload dialog's file upload log comment can now be configured separately for
local and foreign uploads.
* $wgForeignUploadTargets now defaults to `[ 'local' ]`, where `'local'`
signifies local uploads. A value of `[]` (empty array) now means that
no upload targets are allowed, effectively disabling the upload dialog.
* The deprecated $wgEditEncoding variable has been removed; it was only used
for Esperanto language character conversion. You are now recommended to use
input methods provided by the UniversalLanguageSelector extension.
* When $wgPingback is true, MediaWiki will periodically ping
https://www.mediawiki.org/beacon with basic information about the local
MediaWiki installation. This data includes, for example, the type of system,
PHP version, and chosen database backend. This behavior is off by default.
* When $wgEditSubmitButtonLabelPublish is true, MediaWiki will label the button
to store-to-database-and-show-to-others as "Publish page"/"Publish changes";
if false, the default, they will be "Save page"/"Save changes".
* The 'editcontentmodel' permission is now granted to all logged-in users ('user').
instead of just administrators ('sysop'). Documentation for this feature is
available at <https://www.mediawiki.org/wiki/Help:ChangeContentModel>.
* $wgRevisionCacheExpiry is now set to one week by default instead of being disabled.
* Magic links are now disabled by default, and can be re-enabled by modifying the value
of $wgEnableMagicLinks. Their usage is discouraged, but if they are manually enabled,
a tracking category will be added to help identify usage and make it easier to migrate
away from. If you depend upon magic link functionality, it is requested that you comment
on <https://www.mediawiki.org/wiki/Requests_for_comment/Future_of_magic_links> and
explain your use case(s).
* New config variable $wgCSPFalsePositiveUrls to control what URLs to ignore
in upcoming Content-Security-Policy feature's reporting.
=== New features in 1.28 ===
* User::isBot() method for checking if an account is a bot role account.
* Added a new 'slideshow' mode for galleries.
* Added a new hook, 'UserIsBot', to aid in determining if a user is a bot.
* Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
interact with API parsing.
* Added a new hook, 'UploadVerifyUpload', which can be used to reject a file
upload. Unlike 'UploadVerifyFile' it provides information about upload comment
and the file description page, but does not run for uploads to stash.
* (T141604) Extensions can now provide a better error message when their
maintenance scripts are run without the extension being installed.
* (T8948) Numeric sorting in categories is now supported by setting $wgCategoryCollation
to 'uca-default-u-kn' or 'uca-<langcode>-u-kn'. If you can't use UCA collations,
a 'numeric' collation is also available. If migrating from another
collation, you will need to run the updateCollation.php maintenance script.
* Two new codes have been added to #time parser function: "xit" for days in current
month, and "xiz" for days passed in the year, both in Iranian calendar.
* mw.Api has a new option, useUS, to use U+001F (Unit Separator) when
appropriate for sending multi-valued parameters. This defaults to true when
the mw.Api instance seems to be for the local wiki.
* After a client performs an action which alters a database that has replica databases,
MediaWiki will wait for the replica databases to synchronize with the master database
while it renders the HTML output. However, if the output is a redirect to another wiki
on the wiki farm with a different domain, MediaWiki will instead alter the redirect
URL to include a ?cpPosTime parameter that triggers the database synchronization when
the URL is followed by the client. The same-domain case uses a new cpPosTime cookie.
* Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and
'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and
'show' parameters to existing API query modules.
=== External library changes in 1.28 ===
==== Upgraded external libraries ====
* Updated es5-shim from v4.1.5 to v4.5.8
* Updated composer/semver from v1.4.1 to v1.4.2
* Updated wikimedia/php-session-serializer from v1.0.3 to v1.0.4
==== New external libraries ====
* Added wikimedia/scoped-callback v1.0.0
* Added wikimedia/wait-condition-loop v1.0.1
=== Bug fixes in 1.28 ===
* (T146496) action=history pages should return 404 HTTP error code if the page does not exist
* (T137264) SECURITY: XSS in unclosed internal links
* (T133147) SECURITY: Escape '<' and ']]>' in inline <style> blocks
* (T133147) SECURITY: Require login to preview user CSS pages
* (T132926) SECURITY: Do not allow undeleting a revision deleted file if it is
the top file
* (T129738) SECURITY: Make $wgBlockDisablesLogin also restrict logged in
permissions
* (T129738) SECURITY: Make blocks log users out if $wgBlockDisablesLogin is true
* (T139670) Move 'UserGetRights' call before application of
Session::getAllowedUserRights()
=== Action API changes in 1.28 ===
* Added 'maxarticlesize' property to action=query&meta=siteinfo which contains
the value of $wgMaxArticleSize.
* Property 'modulemessages' from action=parse&prop=modules was removed
(deprecated since 1.26).
* The following response properties from action=login, deprecated in 1.27, are
now removed: lgtoken, cookieprefix, sessionid. Clients should handle cookies
to properly manage session state.
* Submitting the lgtoken and lgpassword parameters in the query string to
action=login is now deprecated and outputs a warning. They should be submitted
in the POST body instead.
* Submitting sensitive authentication request parameters to action=clientlogin,
action=createaccount, action=linkaccount, and action=changeauthenticationdata
in the query string is now deprecated and outputs a warning. They should be
submitted in the POST body instead.
* (T141960) Multi-valued parameters may now be separated using U+001F (Unit Separator)
instead of the pipe character. This will be useful if some of the multiple
values need to contain pipes, e.g. for action=options.
* The API will now warn if input is not NFC-normalized Unicode or if it
contains invalid characters.
* The 'normalized' list output by action=query and other modules that use
ApiPageSet may contain entries where the 'from' value is percent-encoded as
the raw value cannot be represented in a valid API response. These are
indicated by a 'fromencoded' boolean alongside the existing 'from' parameter.
* (T28680) action=paraminfo can now return info about all submodules of a
module without listing them all explicitly.
* (T146770) It is now possible to assert that the current user is a specific
named user, using the 'assertuser' parameter.
* (T141963) Added a 'known' property when missing-but-known titles (e.g. from
the 'TitleIsAlwaysKnown' hook) are output in various modules.
=== Action API internal changes in 1.28 ===
* Added a new hook, 'ApiMakeParserOptions', to allow extensions to better
interact with ApiParse and ApiExpandTemplates.
* (T139565) SECURITY: API: Generate head items in the context of the given title
* (T115333) SECURITY: Check read permission when loading page content in ApiParse
* ApiBase::getResultData() was removed (deprecated since 1.25)
* ApiBase::makeHelpArrayToString() was removed (deprecated since 1.25)
* ApiBase::makeHelpMsgParameters() was removed (deprecated since 1.25)
* ApiBase::makeHelpMsg() was removed (deprecated since 1.25)
* ApiFormatBase::formatHTML() was removed (deprecated since 1.25)
* ApiFormatBase::getNeedsRawData() was removed (deprecated since 1.25)
* ApiFormatBase::getWantsHelp() was removed (deprecated since 1.25)
* ApiFormatBase::setBufferResult() was removed (deprecated since 1.25)
* ApiFormatBase::setHelp() was removed (deprecated since 1.25)
* ApiFormatBase::setUnescapeAmps() was removed (deprecated since 1.25)
* ApiMain::makeHelpMsgHeader() was removed (deprecated since 1.25)
* ApiMain::reallyMakeHelpMsg() was removed (deprecated since 1.25)
* ApiMain::setHelp() was removed (deprecated since 1.25)
* ApiResult::beginContinuation() was removed (deprecated since 1.25)
* ApiResult::cleanUpUTF8() was removed (deprecated since 1.25)
* ApiResult::convertStatusToArray() was removed (deprecated since 1.25)
* ApiResult::disableSizeCheck() was removed (deprecated since 1.24)
* ApiResult::enableSizeCheck() was removed (deprecated since 1.24)
* ApiResult::endContinuation() was removed (deprecated since 1.25)
* ApiResult::getData() was removed (deprecated since 1.25)
* ApiResult::getIsRawMode() was removed (deprecated since 1.25)
* ApiResult::setContent() was removed (deprecated since 1.25)
* ApiResult::setContinueParam() was removed (deprecated since 1.25)
* ApiResult::setElement() was removed (deprecated since 1.25)
* ApiResult::setGeneratorContinueParam() was removed (deprecated since 1.25)
* ApiResult::setIndexedTagName_internal() was removed (deprecated since 1.25)
* ApiResult::setIndexedTagName_recursive() was removed (deprecated since 1.25)
* ApiResult::setMainForContinuation() was removed (deprecated since 1.25)
* ApiResult::setParsedLimit() was removed (deprecated since 1.25)
* ApiResult::setRawMode() was removed (deprecated since 1.25)
* ApiResult::size() was removed (deprecated since 1.25)
* Added new hooks, 'ApiQueryBaseBeforeQuery', 'ApiQueryBaseAfterQuery', and
'ApiQueryBaseProcessRow', to make it easier for extensions to add 'prop' and
'show' parameters to existing API query modules. A query module can enable
these hooks by passing an array for $hookData to ApiQueryBase::select() and
by calling ApiQueryBase->processRow() before adding a row's data to the
result.
=== Languages updated in 1.28 ===
MediaWiki supports over 375 languages. Many localisations are updated
regularly. Below only new and removed languages are listed, as well as
changes to languages because of Phabricator reports.
* (T137411) ban (Balinese), thanks to translators Adi Mayndra, Andru,
BASAbali, M. Adiputra, Naval Scene, Nemo bis, NoiX180, and 아라.
* (T135867) shn (Shan), thanks to translators Khun Sar, Piangpha,
Saiddzone Saimawnkham, Saosukham, and Sengwan.
* Czech (cs) and Slovak (sk) set as reciprocal fallbacks.
* (T146744) Livvi-Karelian (olo) namespace messages created thanks to translator Ilja.mos.
=== Other changes in 1.28 ===
* (T128697) Improved handling of large diffs.
* [BREAKING CHANGE] $wgExtendedLoginCookies has been removed. You can
use or update a custom session provider if needed.
* Deprecated APIEditBeforeSave hook in favor of EditFilterMergedContent.
* The 'UploadVerification' hook is deprecated. Use 'UploadVerifyFile' instead.
* SiteConfiguration::isLocalVHost() was removed (deprecated since 1.25).
* The 'UserLoginComplete' hook has a new parameter to differentiate between actual
login and visiting the login page while already logged in.
* ResourceLoader::makeLoaderURL() was removed (deprecated since 1.24).
* $.fn.liveAndTestAtStart was removed (deprecated since 1.24).
* mw.util.tooltipAccessKeyPrefix was removed (deprecated since 1.24).
* mw.util.tooltipAccessKeyRegexp was removed (deprecated since 1.24).
* Linker::link() and Linker::linkKnown() were deprecated; please instead use
MediaWiki\Linker\LinkRenderer. In addition, the LinkBegin and LinkEnd hooks
were replaced by HtmlPageLinkRendererBegin and HtmlPageLinkRendererEnd
respectively. See docs/hooks.txt for the specific changes needed for those hooks.
* Linker::formatSize() was deprecated. Use Language::formatSize() directly.
* Aliases for Linker methods, deprecated since 1.21, were removed from Skin:
* Skin::commentBlock() (use Linker::commentBlock() instead)
* Skin::generateRollback() (use Linker::generateRollback() instead)
* Skin::link() (use MediaWiki\Linker\LinkRenderer instead)
* Skin::linkKnown() (use MediaWiki\Linker\LinkRenderer instead)
* Skin::userLink() (use Linker::userLink() instead)
* Skin::userToolLinks() (use Linker::userToolLinks() instead)
* Disabled "bug 2702" HTML tidying of parsed UI messages on wikis where Tidy is
disabled.
* DifferenceEngine::generateDiffBody() was removed (deprecated since 1.21).
* UploadBase::stashFileGetKey() and UploadBase::stashSession() were deprecated.
Use ...->stashFile()->getFileKey() instead.
* "Public domain" was removed as a wiki license option from the installer, in
favour of CC-0.
* AuthenticationRequest::$required is now changed from REQUIRED to PRIMARY_REQUIRED
on requests needed by primary providers even if all primaries need them.
Primary providers are discouraged from returning multiple REQUIRED requests.
* OOjs UI PHP widgets constructed with the `'infusable' => true` config option
will no longer be automatically infused. You should call `OO.ui.infuse()`
on them yourself from your JavaScript code.
* parserTests.php has moved to tests/parser/parserTests.php
* The command line options specific to parser tests have been removed from
phpunit.php: --regex and --keep-uploads. Instead of --regex, use --filter.
Instead of --keep-uploads, use the same option to parserTests.php, but you
must specify a directory with --upload-dir.
* The 'jquery.arrowSteps' ResourceLoader module is now deprecated.
* IP::isConfiguredProxy() and IP::isTrustedProxy() were removed. Callers should
migrate to using the same functions on a ProxyLookup instance, obtainable from
MediaWikiServices.
* The ArticleAfterFetchContent, ArticleInsertComplete, ArticleSave, ArticleSaveComplete,
ArticleViewCustom, EditFilterMerged, EditPageGetDiffText, EditPageGetPreviewText and
ShowRawCssJs hooks will now emit deprecation warnings if used.
* (T68404) CSS3 attr() function with url type is no longer allowed
in inline styles.
* Database::getSearchEngine() is deprecated, use SearchEngineFactory::getSearchEngineClass
instead.
== Compatibility ==
MediaWiki 1.28 requires PHP 5.5.9 or later. There is experimental support for
HHVM 3.6.5 or later.
MySQL is the recommended DBMS. PostgreSQL or SQLite can also be used, but
support for them is somewhat less mature. There is experimental support for
Oracle and Microsoft SQL Server.
The supported versions are:
* MySQL 5.0.3 or later
* PostgreSQL 8.3 or later
* SQLite 3.3.7 or later
* Oracle 9.0.1 or later
* Microsoft SQL Server 2005 (9.00.1399)
== Upgrading ==
1.28 has several database changes since 1.27, and will not work without schema
updates. Note that due to changes to some very large tables like the revision
table, the schema update may take quite long (minutes on a medium sized site,
many hours on a large site).
If upgrading from before 1.11, and you are using a wiki as a commons
repository, make sure that it is updated as well. Otherwise, errors may arise
due to database schema changes.
If upgrading from before 1.7, you may want to run refreshLinks.php to ensure
new database fields are filled with data.
If you are upgrading from MediaWiki 1.4.x or earlier, you should upgrade to
1.5 first. The upgrade script maintenance/upgrade1_5.php has been removed
with MediaWiki 1.21.
Don't forget to always back up your database before upgrading!
See the file UPGRADE for more detailed upgrade instructions.
For notes on 1.27.x and older releases, see HISTORY.
== Online documentation ==
Documentation for both end-users and site administrators is available on
MediaWiki.org, and is covered under the GNU Free Documentation License (except
for pages that explicitly state that their contents are in the public domain):
https://www.mediawiki.org/wiki/Special:MyLanguage/Documentation
== Mailing list ==
A mailing list is available for MediaWiki user support and discussion:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-l
A low-traffic announcements-only list is also available:
https://lists.wikimedia.org/mailman/listinfo/mediawiki-announce
It's highly recommended that you sign up for one of these lists if you're
going to run a public MediaWiki, so you can be notified of security fixes.
== IRC help ==
There's usually someone online in #mediawiki on irc.freenode.net.
|
|
Changes to GoAccess 1.1.1 - Wednesday, November 23, 2016
- Added data metric's "unique" count on each panel to the JSON/HTML outputs.
- Changed D3 bar charts to use .rangeBands and avoid extra outer padding.
- Fixed mouseover offset position issue on D3 bar charts.
- Fixed possible heap overflow when an invalid status code was parsed and
processed. This also ensures that only valid HTTP status codes are parsed
>=100 or <= 599.
- Fixed sluggish D3 chart re-rendering by changing how x-axis labels are
displayed in the HTML report.
|
|
* Fixed a regression when static placeholder was uneditable if it was present
on the page multiple times
* Removed globally unique constraint for Apphook configs.
* Fixed a bug when keyboard shortcuts were triggered when form fields were
focused
* Fixed a bug when ``shift + space`` shortcut wouldn't correctly highlight a
plugin in the structure board
* Fixed a bug when plugins that have top-level svg element would break
structure board
* Fixed a bug where output from the ``show_admin_menu_for_pages`` template tag
was escaped in Django 1.9
* Fixed a bug where plugins would be rendered as editable if toolbar was shown
but user was not in edit mode.
* Fixed css reset issue with shortcuts modal
|
|
Bugfixes
* Quoted the Oracle test user’s password in queries to fix the “ORA-00922: missing or invalid option” error when the password starts with a number or special character.
* Fixed incorrect app_label / model_name arguments for allow_migrate() in makemigrations migration consistency checks.
* Made Model.delete(keep_parents=True) preserve parent reverse relationships in multi-table inheritance.
* Fixed a QuerySet.update() crash on SQLite when updating a DateTimeField with an F() expression and a timedelta.
* Prevented LocaleMiddleware from redirecting on URLs that should return 404 when using prefix_default_language=False.
* Prevented an unnecessary index from being created on an InnoDB ForeignKey when the field was added after the model was created.
|
|
|
|
|
|
Remove manual CONFLICTS, pkg_add does this automatically.
=== RELEASE 2.14 ===
Thu Nov 3 19:45:34 CET 2016 mikulas:
Enable DECC$EFS_CHARSET on OpenVMS, so that we can browser files and
directories with extended names
Wed Nov 2 20:35:31 CET 2016 mikulas:
Limit keepalive of ciphers with 64-bit block size to mitigate
the SWEET32 attack
Wed Nov 2 19:14:33 CET 2016 mikulas:
Disable SSL compression to avoid the CRIME attack
Fri Oct 28 22:52:49 CEST 2016 mikulas:
On Windows, add an entry to programs in control panel, that allows
uninstalling Links
Fri Oct 28 21:25:28 CEST 2016 mikulas:
Report home directory in the "Version" window
Sat Oct 22 13:17:04 CEST 2016 mikulas:
On Windows, preload font data in a background thread, to minimize a
stall when viewing SVG image for the first time.
Sat Oct 8 17:14:59 CEST 2016 mikulas:
Improved tor hardening - when the user toggles the "Only Proxies" option
(i.e. when connecting to tor), we reset certain other options to their
default values, so that it is not possible to identify user behind tor
based on the selected options.
Thu Oct 6 14:39:26 CEST 2016 mikulas:
Use keys 'P' and 'L' to scroll up and down
Thu Sep 29 23:40:34 CEST 2016 Juhani Haverinen <juhani.haverinen@gmail.com>:
Fix a memory leak when copying the current url to clipboard
(the bug was introduced in Links 2.13)
Sat Sep 3 20:02:26 CEST 2016 mikulas:
Fix crash when the user pressed Ctrl-G on a form field
(the bug was introduced in Links 2.13)
Fri Aug 19 22:35:54 CEST 2016 mikulas:
Workaround for a bug in librsvg that makes mathematics on Wikipedia
unreadable
Fri Aug 19 19:05:55 CEST 2016 mikulas:
Support fourth and fifth mouse button in gpm and framebuffer
Thu Aug 18 19:34:47 CEST 2016 mikulas:
Fixed bugs when downgrading SSL connection while https proxy or socks
proxy is used
Tue Aug 16 18:53:53 CEST 2016 mikulas:
Security bug fixed: Don't load or render the content of
"407 Proxy Authentication Required" reply when using https proxy.
This avoids the FalseCONNECT attack.
Also, don't allow 401 and 407 responses to set cookies.
Wed Jul 27 21:38:37 CEST 2016 mikulas:
Pop openssl error stack on every error - make sure that SSL errors on
one connection do not affect other connections
Sun Jul 17 21:10:12 CEST 2016 mikulas:
Use libc tree functions from <search.h> for searching the cache
Thu Jul 7 19:39:15 CEST 2016 mikulas:
Set the GD_NOAUTO flag for the directfb driver, so that this driver is
never selected automatically. The directfb subsystem is buggy, it can
corrupt graphics or even cause system crash, so select this driver only
if the user explicitly requests it with '-driver directfb'
|
|
Upstream changes:
7.10 2016-11-01
- Added getopt function to Mojo::Util.
7.09 2016-10-22
- Added every_header method to Mojo::Headers.
- Fixed redirect bug in Mojo::UserAgent::Transactor.
- Fixed a few proxy bugs in Mojo::UserAgent.
|
|
libnghttp2
* In this release, libnghttp2 by default disallows content-length header field in 1xx, 204, or 200 to a CONNECT request as described in RFC 7230.
libnghttp2_asio
* Previously, server-side on_close callback was not called when connection was closed while streams were still alive. Now on_close callback is called for active streams on connection close.
build
* Remo E provided a patch to include MSVC version resource in cmake Windows build.
nghttpx
* We fixed the bug that sometimes made nghttpx crash if --backend-http-proxy-uri was used.
* We fixed the bug that one HTTP header fields from HTTP/1.1 backend were split into multiple fields in some situations.
* We fixed the bug that zero-length POST was not forwarded to HTTP/1.1 backend, causing dead lock.
* We removed optional reason phrase from SPDY response header fields. This is OK since reason phrase is optional.
* To align the changes made in libnghttp2 that disallows content-length in 1xx, 204, or 200 to a CONNECT request, we did the same thing to HTTP/1.1 backend. We also disallow transfer-encoding in those status codes as well.
* dalf provided a patch to fix compile failure with BoringSSL.
nghttpd, nghttpx, and libnghttp2_asio
* We fixed the bug that mandatory SP after status code wass missing in HTTP/1.1 status line.
|
|
|
|
2016-11-22 ac6877b [RELEASE] Release of TYPO3 6.2.29 (TYPO3 Release Team)
2016-11-22 5b9a2b4 #78557 [SECURITY] Prevent unnecessary unserialize in SuggestWizard (Nicole Cordes)
2016-11-22 4a98563 #73453 [SECURITY] Disallow invalid encoding in GeneralUtility::validPathStr (Benni Mack)
2016-11-18 a61499f #78703 [BUGFIX] Use GeneralUtility::getUrl in DocumentationService->fetchDocument (Claus Due)
2016-11-18 354b01b #78739 [BUGFIX] Update session id in user property (Helmut Hummel)
2016-11-15 ee1ef6a #76153 [BUGFIX] Catch exceptions while dumping a file (Frans Saris)
2016-11-13 83ab00a #78238 [BUGFIX] Bind the cHash to the id of the "real" page (Helmut Hummel)
2016-11-10 3980012 #78526 [BUGFIX] Use page uid instead of alias for cHash calculation (Helmut Hummel)
2016-11-07 45e138c #71340 [TASK] Provide documentation Settings.cfg (Gernot Schulmeister)
2016-11-05 a861b18 #78540 [BUGFIX] Load ext_emconf information in extension installation (Nicole Cordes)
|
|
Bump PKGREVISION.
|
|
Normally gprbuild is only used for building, with a notable exception
of the broken devel/gps.
|
|
This large commit accomplishes the following:
1) Switch USE_LANGUAGES=ada to require lang/gcc5-aux (gcc 5.4) instead
of lang/gcc-aux (gcc 4.9.2) on gcc.mk
2) Bump affected ports and fix paths as necessary
3) Upgrade devel/gprbuild to the latest release
- No longer requires lang/gnat_util
- gprslave requires gcc6-aux, so it was disabled for now
4) Fix lang/gnat_util but set PKG_SKIP_REASON
- It has no further purpose in the pkgsrc tree
- It has no practical purpose outside of the pkgsrc tree
- Indicate intent to remove from tree in Jan. 2017
5) Set devel/GPS as failed with PKG_FAIL_REASON
- This version of GPS is several years old and at the time they were
strongly tied to compiler.
- Latest release of GPS require gcc6-aux (not available) and several
new and complex dependencies
- maintainer (me) has no interest to continue supporting it
- Leaving GPS in place until Jan 2017 to give another person chance to
upgrade and take over support
- Latest version in FreeBSD Ports Collection as a reference point
|
|
minimum version needed for it).
|
|
|
|
|
|
PR pkg/51593: nginx configure error the HTTP rewrite module requires the PCRE library
|
|
We fixed the bug that nghttp2 HPACK decoder may decode wrong integer because of undefined behaviour.
We fixed the bug in nghttpx that may make nghttpx crash if final response after non-final response from origin server is forwarded to HTTP/1.1 client.
|
|
|