Changelog:
Version 23.0.2 February 16 2022
Changes
* Check for disk_free_space (server#29798)
* Avoid use of iconv to get rid of unicode (server#29965)
* Don't query the bruteforce attempts when we just deleted them
(server#30026)
* Fix input for groups validation in new user form (server#30144)
* Reload page instead of file list when getting 401 authentication error
(server#30151)
* Allow to delete non-migrated previews instead of moving them (server#30175)
* Fix relation "user_id" already exists migration error (server#30176)
* Check resource before closing in encryption wrapper (server#30180)
* Use correct icon for dir-external-root (server#30187)
* Properly format sharing datepicker locale (server#30190)
* Update guzzlehttp/guzzle requirement from 6.5.2 to 6.5.5 in
/build/integration (server#30212)
* Update sabre/dav requirement from 4.2.1 to 4.2.3 in /build/integration
(server#30213)
* Bump dompurify from 2.3.3 to 2.3.4 (server#30214)
* Bump core-js from 3.19.2 to 3.19.3 (server#30215)
* Don't check the configvalue for lastLogin which is never null
(server#30236)
* Support LDAP dns longer than 255 characters (server#30238)
* Only wildcard search if enumeration is allowed (server#30245)
* Fix setting up 2FA when no providers are set up but backup codes
(server#30252)
* Carefully filter out non matching time ranges for CalDAV search
(server#30267)
* Use bigint for autoincremented column (server#30272)
* Fix ShareLink Upload UI for Folders (server#30289)
* Use proper translation source for direct editing (server#30301)
* Ignore non-existing groups when notifying group shares (server#30306)
* Fix share owner not being displayed in sharing tab (server#30315)
* Update sabre/dav requirement from 4.2.3 to 4.3.0 in /build/integration
(server#30325)
* Enhance and complement OPcache setup checks (server#30339)
* Fix potential unwarranted memberships in nested groups from LDAP
(server#30343)
* Fix overlapping in the help settings section (server#30344)
* Remove iconv from dependencies and tests (server#30351)
* Fix persistent tooltip in the "new folder" input of the file picker
(server#30356)
* Don't die with LockedException when removing/restoring multiple files from
trash (server#30390)
* Improve personal settings on mobile (server#30411)
* Fix rendering app authors with homepage or email (server#30431)
* Add missing index for propertypath only queries of DAV properties
(server#30433)
* Handle external share with invalid host (server#30443)
* Make sure to get file model in template picker (server#30449)
* Improve status modal (server#30455)
* Allow using composer plugin with composer 2.2 (server#30462)
* Fix uploading text position (server#30480)
* Run migrations fully when reenabling an app (server#30486)
* Fix passing on the parameter (server#30522)
* Fix email verification (server#30525)
* Update CRL after revocation of sharerenamer.crt (server#30528)
* Handle LocalServerException when scanning external shares (server#30557)
* Fix fail when keys/files folder already exists (server#30576)
* Use npm ci when running JS tests (server#30580)
* Fix: only use jquery once it is available (server#30592)
* Avoid zero division in setup checks (server#30594)
* Prevent loading images that would require too much memory. (server#30602)
* Fix undefined/unset scope in account properties (server#30611)
* Fix RequestURL check for cli commands (server#30619)
* Reset job disabling timer on adding the job again (server#30621)
* Set the file's mtime from the headers in bulk upload (server#30623)
* Trigger "changeDirectory" event on URL change (server#30627)
* Properly abort uploads (server#30636)
* Fix idn emails not working in shares (server#30643)
* Implement multibucket shift for ObjectStore (server#30659)
* Fix wrong unified search link to folder (server#30662)
* Fix primary key change in user_ldap migration (server#30663)
* Improve accessibility settings on mobile (server#30671)
* Fix file picker not respecting hidden files settings (server#30672)
* Add version of disabled apps when available (server#30674)
* Optimize FileSystemTags workflow for groupfolder (server#30684)
* Fix users can't login external mount user entered credentials not set
(server#30685)
* Remove inefficient fed share scanner (server#30688)
* New Files internal link GET param to avoid opening the file (server#30689)
* UpdateEncryptedVersion: cleanup on target if cache already got renamed
(server#30695)
* Improve layout for the public download page (server#30698)
* Fix loading of the text app in public shared links (server#30722)
* Fix non-ascii characters present in the header (server#30728)
* Hash job argument (server#30734)
* Increase email main buttons width for non-english languages (server#30740)
* Improve install process (server#30747)
* Create block-merge-freeze.yml (server#30753)
* Log bruteforce throttle and blocking (server#30759)
* Always call flush() as getAllKeys() is broken (server#30773)
* Add KerberosApacheAuth support to files_external (server#30782)
* Update sabre/dav requirement from 4.3.0 to 4.3.1 in /build/integration
(server#30799)
* Bump jquery-ui from 1.13.0 to 1.13.1 (server#30800)
* Fix accessing undefined offsets (server#30811)
* Fix psalm not running (server#30814)
* 23.0.1 Final (server#30840)
* Fix php:cs (server#30847)
* Prevent merging on EOL branches (server#30872)
* Fixes occ user:info when the user never logged in (server#30890)
* Bump dompurify from 2.3.4 to 2.3.5 (server#30911)
* Bump clipboard from 2.0.8 to 2.0.9 (server#30912)
* Bump webpack-cli from 4.9.1 to 4.9.2 (server#30913)
* Fix psalm warning related to registerEventListener (server#30915)
* Update version.php (server#30975)
* Fix duplicated UUID migration issue (server#31107)
* Revert the 'broken' public page changes (server#31108)
* Disable bulk upload by not advertising it (server#31171)
* Create block-merge-freeze.yml (3rdparty#971)
* Fix sorting of filters on php 8.0+ (activity#715)
* Filter allowed type of member (circles#865)
* Lighten select for single circle (circles#867)
* Bypass moderator check on CFG_FRIEND (circles#873)
* Better display of federated user (circles#876)
* Strtolower on mail address (circles#882)
* Only returns population on direct request from the front-end or occ command
(circles#885)
* Enforce password on new share (circles#887)
* Ignore exception to group sync (circles#894)
* Exception on null token (circles#896)
* L10n: Improved grammar (circles#898)
* Create block-merge-freeze.yml (circles#907)
* Fix losing memberships in low depth (circles#914)
* Remove shares during circles destruction, clean orphan shares on cron
(circles#918)
* Paginate Circles through OCS query parameters (circles#919)
* GetSingleId(): string; (circles#922)
* Bump actions (files_pdfviewer#530)
* Bump @nextcloud/eslint-config from 6.1.0 to 6.1.2 (files_pdfviewer#534)
* Bump @nextcloud/webpack-vue-config from 4.1.0 to 4.1.4
(files_pdfviewer#535)
* Create block-merge-freeze.yml (files_pdfviewer#544)
* Updating lint-php.yml workflow from template (files_pdfviewer#549)
* Create block-merge-freeze.yml (files_rightclick#131)
* Create block-merge-freeze.yml (files_videoplayer#256)
* Fix overlapping buttons (firstrunwizard#652)
* Create block-merge-freeze.yml (firstrunwizard#661)
* Create block-merge-freeze.yml (logreader#636)
* Create block-merge-freeze.yml (nextcloud_announcements#92)
* Create block-merge-freeze.yml (notifications#1137)
* Create block-merge-freeze.yml (password_policy#315)
* Bump autoprefixer from 10.3.6 to 10.3.7 (photos#1009)
* Bump @nextcloud/eslint-config from 6.1.0 to 6.1.2 (photos#1010)
* Bump postcss-loader from 6.2.0 to 6.2.1 (photos#1011)
* Bump @nextcloud/event-bus from 2.1.0 to 2.1.1 (photos#1012)
* Bump @nextcloud/initial-state from 1.2.0 to 1.2.1 (photos#1013)
* Fix default previews (photos#951)
* Fix Tags: Don't display tags without photos (photos#960)
* Update workflows (photos#981)
* Bump @nextcloud/webpack-vue-config from 4.1.0 to 4.1.4 (photos#985)
* Bump url-parse from 1.5.3 to 1.5.4 (photos#986)
* Bump vue-router from 3.5.2 to 3.5.3 (photos#987)
* Bump qs from 6.10.1 to 6.10.3 (photos#988)
* Bump camelcase from 6.2.0 to 6.2.1 (photos#989)
* Create block-merge-freeze.yml (photos#998)
* Fix label of account name and hide parts with subscription (privacy#676)
* Create block-merge-freeze.yml (privacy#684)
* Update workflows (privacy#690)
* Create block-merge-freeze.yml (recommendations#470)
* Update test.yml (recommendations#473)
* Create block-merge-freeze.yml (serverinfo#352)
* Create block-merge-freeze.yml (survey_client#123)
* Update mark input/paste rules to tiptap v2 regular expressions (text#1976)
* Don't show "Link file" button when using direct edition (text#1979)
* Make sure translations are detected (text#1984)
* Fix only the first item gets tasklist-ified issue (text#2005)
* Fix: use stable23 branch for cypress tests (text#2023)
* Fix autofocus on empty documents without a node (Fixes: #1974) (text#2035)
* Add stylelint to github actions (text#2041)
* Fix: cypress login with new session feature (text#2046)
* Bump @nextcloud/event-bus from 2.1.0 to 2.1.1 (text#2078)
* Bump @nextcloud/initial-state from 1.2.0 to 1.2.1 (text#2081)
* Bump @nextcloud/webpack-vue-config from 4.1.0 to 4.1.4 (text#2084)
* Bump @cypress/browserify-preprocessor from 3.0.1 to 3.0.2 (text#2085)
* Bump prosemirror-markdown from 1.6.0 to 1.6.2 (text#2086)
* Bump @nextcloud/eslint-config from 6.1.0 to 6.1.2 (text#2088)
* Bump prosemirror-view from 1.23.5 to 1.23.6 (text#2100)
* Fix closing the editor modal in public folder view (text#2105)
* Fix: 2020 let heading menu overflow workspace (text#2109)
* Create block-merge-freeze.yml (text#2115)
* Disable fade-out because of accessibility reasons (viewer#1066)
* Fix German (Sie) translations coming from nextcloud-vue (viewer#1089)
* Add cypress summary for easier branch protection mgmt (viewer#1094)
* Add engines support for cypress tests (viewer#1099)
* Always check for `OCA.Files` before using it (Fixes: #1106) (viewer#1108)
* Disable swiping on viewer video controls (viewer#1114)
* Disable swiping on viewer audio controls (viewer#1122)
* Create block-merge-freeze.yml (viewer#1133)
* Update lint-php.yml (viewer#1138)
9.0.1 (2022-02-03)
------------------
- In show_file, use os.remove to remove temporary images. CVE-2022-24303 #6010
- Restrict builtins within lambdas for ImageMath.eval. CVE-2022-22817 #6009
9.0.0 (2022-01-02)
------------------
- Restrict builtins for ImageMath.eval(). CVE-2022-22817 #5923
- Ensure JpegImagePlugin stops at the end of a truncated file #5921
- Fixed ImagePath.Path array handling. CVE-2022-22815, CVE-2022-22816 #5920
- Remove consecutive duplicate tiles that only differ by their offset #5919
- Improved I;16 operations on big endian #5901
- Limit quantized palette to number of colors #5879
- Fixed palette index for zeroed color in FASTOCTREE quantize #5869
- When saving RGBA to GIF, make use of first transparent palette entry #5859
- Pass SAMPLEFORMAT to libtiff #5848
- Added rounding when converting P and PA #5824
- Improved putdata() documentation and data handling #5910
- Exclude carriage return in PDF regex to help prevent ReDoS #5912
- Fixed freeing pointer in ImageDraw.Outline.transform #5909
- Added ImageShow support for xdg-open #5897
- Support 16-bit grayscale ImageQt conversion #5856
- Convert subsequent GIF frames to RGB or RGBA #5857
- Do not prematurely return in ImageFile when saving to stdout #5665
- Added support for top right and bottom right TGA orientations #5829
- Corrected ICNS file length in header #5845
- Block tile TIFF tags when saving #5839
- Added line width argument to polygon #5694
- Do not redeclare class each time when converting to NumPy #5844
- Only prevent repeated polygon pixels when drawing with transparency #5835
- Add support for pickling TrueType fonts #5826
- Only prefer command line tools SDK on macOS over default MacOSX SDK #5828
- Drop support for soon-EOL Python 3.6 #5768
- Fix compilation on 64-bit Termux #5793
- Use title for display in ImageShow #5788
- Remove support for FreeType 2.7 and older #5777
- Fix for PyQt6 #5775
- Removed deprecated PILLOW_VERSION, Image.show command parameter, Image._showxv and ImageFile.raise_ioerror #5776
The next version will be 2.52.0, and this will interoperate with 2.51.
That is expected to continue indefinitely. There is no reason to have
multiple versions again, so say that the next update will move to the
unversioned name.
Changes for version 2.18 (2022-02-23)
* Added support for [./ssl-server.md|SSL/TLS server mode] for commands
like "[/help?cmd=server|fossil server]" and "[/help?cmd=http|fossil http]"
* The new [/help?cmd=cherry-pick|cherry-pick command] is an alias for
[/help?cmd=merge|merge --cherrypick].
* Add new setting "[/help?cmd=large-file-size|large-file-size]". If the size
of any file in a commit exceeds this size, a warning is issued.
* Query parameter "year=YYYY" is now accepted by [/help?cmd=/timeline|/timeline].
* The [/help?cmd=tar|tar] and [/help?cmd=zip|zip commands] no longer
sterilize the manifest file.
* Further improvement to diff alignment in cases that involve both
edits and indentation changes.
* [/doc/trunk/www/chat.md|Chat] improvements:<ul>
<li> [/help?cmd=/chat|The /chat page] input options have been reworked
again for better cross-browser portability.
<li> When sending a [/help?cmd=/chat|/chat] message fails, it is no longer
immediately lost and sending may optionally be retried.
<li> [/help?cmd=/chat|/chat] can now optionally embed attachments of certain
types directly into message bodies via an iframe.
<li> Add the "--as FILENAME" option to the "[/help?cmd=chat|fossil chat send]"
command.
<li> Added the "[/help?cmd=chat|fossil chat pull]" command, available to
administrators only, for backing up the chat conversation.
</ul>
* Promote the test-detach command into the [/help?cmd=detach|detach command].
* For "[/help?cmd=pull|fossil pull]" with the --from-parent-project option,
if no URL is specified then use the last URL from the most recent prior
"fossil pull --from-parent-project".
* Add options --project-name and --project-desc to the
"[/help?cmd=init|fossil init]" command.
* The [/help?cmd=/ext|/ext page] generates the SERVER_SOFTWARE environment
variable for clients.
* Fix the REQUEST_URI [/doc/trunk/www/aboutcgi.wiki#cgivar|CGI variable] such
that it includes the query string. This is how most other systems understand
REQUEST_URI.
* Added the --transport-command option to [/help?cmd=sync|fossil sync]
and similar.
New in 2.1.28
build:
configure - Restore LIBS after checking gss_inquire_sec_context_by_oid
makemd5.c - Fix potential out of bound writes
fix build with --disable-shared --enable-static
Dozens of fixes for Windows specific builds
Fix cross platform builds with SPNEGO
Do not try to build broken java subtree
Fix build error with --enable-auth-sasldb
common:
plugin_common.c:
Ensure size is always checked if called repeatedly (#617)
documentation:
Fixed generation of saslauthd(8) man page
Fixed installation of saslauthd(8) and testsaslauthd(8) man pages (#373)
Updates for additional SCRAM mechanisms
Fix sasl_decode64 and sasl_encode64 man pages
Tons of fixes for Sphinx
include:
sasl.h:
Allow up to 16 bits for security flags
lib:
checkpw.c:
Skip one call to strcat
Disable auxprop-hashed (#374)
client.c:
Use proper length for fully qualified domain names
common.c:
CVE-2019-19906 Fix off by one error (#587)
external.c:
fix EXTERNAL with non-terminated input (#689)
saslutil.c:
fix index_64 to be a signed char (#619)
plugins:
gssapi.c:
Emit debug log only in case of errors
ntlm.c:
Fail compile if MD4 is not available (#632)
sql.c:
Finish reading residual return data (#639)
CVE-2022-24407 Escape password for SQL insert/update commands.
sasldb:
db_gdbm.c:
fix gdbm_errno overlay from gdbm_close
DIGEST-MD5 plugin:
Prevent double free of RC4 context
Use OpenSSL RC4 implementation if available
SCRAM plugin:
Return BADAUTH on incorrect password (#545)
Add -224, -384, -512 (#552)
Remove SCRAM_HASH_SIZE
Add function to return SCRAM auth method name
Allocate enough memory in scam_setpass()
Add function to sort SCRAM methods by hash strength
Update windows build for newer SCRAM options
saslauthd:
auth_httpform.c:
Avoid signed overflow with non-ascii characters (#576)
auth_krb5.c:
support setting an explicit auth_krb5 server name
support setting an explicit servername with Heimdal
unify the MIT and Heimdal auth_krb5 implementations
Remove call to krbtf
auth_rimap.c:
provide native memmem implementation if missing
lak.c:
Allow LDAP_OPT_X_TLS_REQUIRE_CERT to be 0 (no certificate verification)
lak.h:
Increase supported DN length to 4096 (#626)
It's the variable that indicates if MKPIE is requested and feasible on the
platform. In fact I originally wrote a condition mentioning
${_PKGSRC_MKPIE}, but it somehow got lost while I was refactoring the code.
This minimalistic library helps you navigate the world of text encodings
avoiding invalid argument (invalid byte sequence) and invalid argument
(invalid character) in runtime.
A library for parsing and comparing software version numbers. We like to
give version numbers to our software in a myriad of ways. Some ways follow
strict guidelines for incrementing and comparison. Some follow conventional
wisdom and are generally self-consistent. Some are just plain asinine. This
library provides a means of parsing and comparing any style of versioning,
be it a nice Semantic Version like this:
1.2.3-r1+git123
...or a monstrosity like this:
2:10.2+0.0093r3+1-1
Please switch to Semantic Versioning if you aren't currently using it. It
provides consistency in version incrementing and has the best constraints
on comparisons.
This library implements version 2.0.0 of the SemVer spec.
turtle is a reimplementation of the Unix command line environment in
Haskell so that you can use Haskell as both a shell and a scripting
language.
Features include:
* Batteries included: Command an extended suite of predefined utilities
* Interoperability: You can still run external shell commands
* Portability: Works on Windows, OS X, and Linux
* Exception safety: Safely acquire and release resources
* Streaming: Transform or fold command output in constant space
* Patterns: Use typed regular expressions that can parse structured values
* Formatting: Type-safe printf-style text formatting
* Modern: Supports text and system-filepath
This is a small wrapper around the directory, unix, and Win32 packages, for
use with system-filepath. It provides a consistent API to the various
versions of these packages distributed with different versions of GHC.
In particular, this library supports working with POSIX files that have
paths which can't be decoded in the current locale encoding.
Provides a FilePath datatype and utility functions for operating on
it. Unlike the filepath package, this package does not simply reuse String,
increasing type safety.