Commit graph

21643 commits

Author SHA1 Message Date
wiz
f194511ab4 lighttpd: update to 1.4.61.
Add missing test dependency.

- 1.4.61 - 2021-10-28
  * [core] define __BEGIN_DECLS, __END_DECLS if needed
  * [core] Y2038: error log high-precision timestamps
  * [multiple] __attribute_nonnull__ now takes params
  * [core] bounds check while url-decoding
  * [mod_magnet] prefer lua_newuserdatauv() w/ lua 5.4
  * [core] earlier macOS need define for errno_t (fixes #3107)
  * [tests] force POSIX::WNOHANG() autovivification (fixes #3110)
  * [mod_dirlisting] sort "../" to top (fixes #3109)
  * [tests] force Fcntl::F_SETFD() autovivification (#3110)
  * [core] avoid repeated typedef for fdlog_st
  * [doc] update INSTALL
  * [mod_extforward] keep remote IP thru request reset
  * [core] fix HTTP/2 upload > 64k w/ max-request-size (fixes #3108)
  * [mod_auth] fix Basic auth passwd cache (fixes #3112)
  * [mod_ajp13,mod_fastcgi] comment: no response body
  * [mod_webdav] ignore PROPFIND Depth for files
  * [core] add comment to ck_memeq_const_time()
  * [core] accept up to 5 digit port num in host cond
  * [core] expose chunkqueue_remove_empty_chunks()
  * [core] short-circuit if response body recv w/ hdrs (fixes #3111)
  * [core] resched HTTP/2 streams w/ pending data (#3111)
  * [core] separate func for gw_authorizer_ok()
  * [core] make ck_memeq_const_time() more generic (#3112)
  * [mod_auth] revert adjustment to auth passwd cache (#3112)
  * [core] thwart h2c smuggling when Upgrade enabled
  * [core] separate funcs to check for valid chars
  * [core] thwart h2 request tunnelling
  * [core] clear shared log buffer after writes
  * [mod_nss] quiet trace for PR_END_OF_FILE_ERROR
  * [core] allow debug.log-state-handling in condition
  * [core] combine more dup header processing code
  * [mod_ajp13,mod_fastcgi] check resp w/ content len
  * [mod_proxy] Length Req if proxy forcing HTTP/1.0
  * [core] restart dead proc on connect error if local
  * [mod_ajp13,mod_fastcgi] recv_parse smaller funcs
  * [multiple] warn deprecated mods slated for removal
  * [core] remove redundant checks in same context
  * [core] tighten chunkqueue_steal* code; better asm
  * [build] check for preadv(), pwritev()
  * [core] pwritev w/ chunkqueue_steal_with_tempfiles
  * [core] tighten chunkqueue_mark_written; better asm
  * [doc] uncomment mod_auth load in conf.d/auth.conf
  * [core] tighten chunkqueue_small_resp_optim()
  * [core] chunkqueue_small_resp_optim if resp < 16k
  * [mod_auth] clear crypt() output if len >= 13
  * [multiple] add assert after malloc in two spots
  * [core] add HTTP/2 check resp finished w/ empty cq (#3111)
  * [core] chunkqueue_small_resp_optim() comment
2021-10-29 07:11:36 +00:00
hauke
e301735879 Un-break by making sure a py27 compatible py-pygments version gets
installed; py-docutils, which depends on it, is happy with that.
2021-10-27 10:16:44 +00:00
adam
f3a2ab5bc2 py-httpx-socks: updated to 0.5.1
v0.5.1
Fix http2 support

v0.5.0
Fix httpx v0.20.0 compatibility
2021-10-26 17:27:29 +00:00
adam
b89029c7ed py-respx: updated to 0.18.2
0.18.2

Fixed
- Include extensions when instantiating request in HTTPCoreMocker
2021-10-26 17:14:45 +00:00
nia
0a4acf7fe3 www: Replace RMD160 checksums with BLAKE2s checksums
All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Not committed (merge conflicts):
www/nghttp2/distinfo

Unfetchable distfiles (almost certainly fetched conditionally...):
./www/nginx-devel/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx-devel/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx-devel/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx-devel/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx-devel/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx-devel/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx-devel/distinfo naxsi-1.3.tar.gz
./www/nginx-devel/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx-devel/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx-devel/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx-devel/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx-devel/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx-devel/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx-devel/distinfo njs-0.5.0.tar.gz
./www/nginx-devel/distinfo set-misc-nginx-module-0.32.tar.gz
./www/nginx/distinfo array-var-nginx-module-0.05.tar.gz
./www/nginx/distinfo echo-nginx-module-0.62.tar.gz
./www/nginx/distinfo encrypted-session-nginx-module-0.08.tar.gz
./www/nginx/distinfo form-input-nginx-module-0.12.tar.gz
./www/nginx/distinfo headers-more-nginx-module-0.33.tar.gz
./www/nginx/distinfo lua-nginx-module-0.10.19.tar.gz
./www/nginx/distinfo naxsi-1.3.tar.gz
./www/nginx/distinfo nginx-dav-ext-module-3.0.0.tar.gz
./www/nginx/distinfo nginx-rtmp-module-1.2.2.tar.gz
./www/nginx/distinfo nginx_http_push_module-1.2.10.tar.gz
./www/nginx/distinfo ngx_cache_purge-2.5.1.tar.gz
./www/nginx/distinfo ngx_devel_kit-0.3.1.tar.gz
./www/nginx/distinfo ngx_http_geoip2_module-3.3.tar.gz
./www/nginx/distinfo njs-0.5.0.tar.gz
./www/nginx/distinfo set-misc-nginx-module-0.32.tar.gz
2021-10-26 11:29:14 +00:00
adam
b781da588b nghttp2: updated to 1.46.0
Nghttp2 v1.46.0

build

A workaround is added to avoid the broken version check in AX_PYTHON_DEVEL macro.

It adds the missing cmake files to EXTRA_DIST.

nghttpx

HTTP/3 feature is now available with BoringSSL.

SCT data is now available with BoringSSL.

New QUIC and HTTP/3 related options were added: --frontend-quic-initial-rtt, --quic-server-id, and --rlimit-memlock.

--frontend-quic-connection-id-encryption-key has been removed, and the new option --frontend-quic-secret-file has been added which specifies initial keying materials to generate QUIC secrets and keys for connection ID and tokens. It also supports the rotation of keying materials.

HTTP/3 ALPN h3-29 is now supported.

--worker-process-grace-shutdown-period option was added to set the maximum grace period to wait for a worker process to terminate gracefully.

--max-worker-processes option was added to limit the number of the lingering worker processes.

h2load

HTTP/3 feature is now available with BoringSSL.
2021-10-26 08:32:01 +00:00
tnn
5a9d71e04a firefox: fix gcc build issue on mips64 & aarch64. Via upstream. 2021-10-25 17:44:49 +00:00
gutteridge
671a167799 firefox: 93 requires nss>=3.70 2021-10-25 01:02:38 +00:00
wen
71024b1783 Update to 0.15
Upstream changes:
0.15      2021-10-15 20:21:23-07:00 America/Vancouver
    - GH#8 - preserve newlines when collapsing whitespace; if a block of
      whitespace contains a newline, then when collapsing we collapse to a
      newline character, not just "the first whitespace char we found"
2021-10-24 07:53:16 +00:00
wen
61d72ef33b Update to 2.22
Upstream changes:
2.22      2021-09-25 23:00:59Z

    - Patch bug #100926, compatibility with CGI 4 (with fallback). (GH#9) (thrig)
    - Don't call _get_param(undef) for <select> box without name attribute
    (GH#10) (Chase Venters)
    - Whoops, speling error. (GH#8) (thrig)
    - Better indicate LICENSE details, README tweaks, more module requires (GH#7)
    (thrig)
    - rt #98012 - Missing dependency CGI (GH#6) (Martin McGrath)
    - repository cpan metadata added (GH#5) (David Steinbrunner)
    - typo fix (GH#4) (David Steinbrunner)
    - Converted repo to Dist::Zilla
2021-10-24 04:03:01 +00:00
wen
cc79dac3fb Update to 1.11
Upstream changes:
1.11 2021-09-27T04:11:20Z

    commit 239b88f865305b59f7d193f0431fcd5c03df3dd3
    Author: Harald Jörg <haj@posteo.de>
    Date:   Sun Jan 13 11:56:25 2019 +0100

        Add the list of escaped characters to the docs and clarify usage in the synopsis
2021-10-24 03:59:11 +00:00
wen
5573a149ed Update to 2.16
Upstream changes:
2.16 2021-09-01
    [FIX]
    - skip t/007_socket_perm.t on Cygwin as well as MSWin32
     (GH #20)
2021-10-24 03:56:59 +00:00
leot
a1b5caa8f2 vimb: Honors user's LDFLAGS for webext
Noticed via PKGSRC_USE_RELRO.

PKGREVISION++
2021-10-23 21:29:15 +00:00
adam
c697a466c1 py-respx: updated to 0.18.1
0.18.1
Fixed
- Respect ordered param values.
2021-10-22 11:13:26 +00:00
schmonz
406335b1d4 Add and enable httpfile. 2021-10-21 20:39:19 +00:00
schmonz
1f40118ea0 Add httpfile, a secure HTTP server derived from publicfile.
- removed ftpd
- added "Content-Encoding: gzip"
- added more 'default' filetypes
- case insensitive filetype checking
- upgraded alloc library, added memory limit
- added request timeout
- added basic authentication as a simple protection against robots
- added 301 redirect for directories
- added range support
2021-10-21 20:38:35 +00:00
adam
be70f5a802 py-respx: updated to 0.18.0
0.18.0

Fixed
- Downgrade `HTTPX` requirement to 0.20.0.

Added
- Add support for matching param with *ANY* value.
2021-10-21 13:17:09 +00:00
adam
e2d8a91dd6 py-httpx: updated to 0.20.0
0.20.0:

Changed

* The `allow_redirects` flag is now `follow_redirects` and defaults to `False`.
* The `raise_for_status()` method will now raise an exception for any responses
  except those with 2xx status codes. Previously only 4xx and 5xx status codes
  would result in an exception.
* The low-level transport API changes to the much simpler `response = transport.handle_request(request)`.
* The `client.send()` method no longer accepts a `timeout=...` argument, but the
  `client.build_request()` does. This required by the signature change of the
  Transport API. The request timeout configuration is now stored on the request
  instance, as `request.extensions['timeout']`.

Added

* Added the `httpx` command-line client.
* Response instances now include `.is_informational`, `.is_success`, `.is_redirect`, `.is_client_error`, and `.is_server_error`
  properties for checking 1xx, 2xx, 3xx, 4xx, and 5xx response types. Note that the behaviour of `.is_redirect` is slightly different in that it now returns True for all 3xx responses, in order to allow for a consistent set of properties onto the different HTTP status code types. The `response.has_redirect_location` location may be used to determine responses with properly formed URL redirects.

Fixed

* `response.iter_bytes()` no longer raises a ValueError when called on a response with no content.
* The `'wsgi.error'` configuration now defaults to `sys.stderr`, and is corrected to be a `TextIO` interface, not a `BytesIO` interface. Additionally, the WSGITransport now accepts a `wsgi_error` confguration.
* Follow the WSGI spec by properly closing the iterable returned by the application.
2021-10-21 13:16:15 +00:00
leot
8fbae3c334 webkit-gtk: Update to 2.34.1
Changes:
2.34.1
======
 - Update user agent browser versions.
 - Fix a crash with GTK >= 3.24.30.
 - Fix a crash when loading videos on reddit.
 - Fix file type detection when application calls
   g_desktop_app_info_set_as_default_for_extension() passing html.
2021-10-21 10:54:41 +00:00
wiz
b5d6d92ccd *: recursive bump for heimdal 7.7.0
its buildlink3.mk now includes openssl's buildlink3.mk
2021-10-21 07:46:31 +00:00
nia
64b6f906d7 snownews: remove dependency on libiconv 2021-10-18 11:25:11 +00:00
nia
ca307f120e snownew: update to 1.9
msharov released this Oct 2, 2021

     * Make the UI more compact.
     * Simplify HTML detagging and rewrapping.
     * Store feed cache content detagged.
     * New translation for Serbian.
     * Support ncurses without widechars.
     * Quit normally on non-fatal signals.
     * Stop using libiconv because only UTF8 is supported.
     * Remove the need to configure html_entities.
     * Ignore atom link tags where rel != alternate.
     * Fix saving of changes to smart feeds.
2021-10-18 11:24:51 +00:00
adam
33aea99470 py-mechanize: updated to 0.4.7
0.4.7 release
* Fix the ~ character being percent escaped when sending URLs to servers. See RFC 3986.

0.4.6 release
* Python 3.10 compatibility
* Fix a bug in the regex used to parse www-authenticate headers that could lead to Denial-of-Service
2021-10-15 15:02:24 +00:00
ryoon
8d9ac3e58c firefox-l10n: Update to 93.0
* Sync with www/firefox-93.0.
2021-10-15 13:01:18 +00:00
ryoon
abbc478a2d firefox: Update to 93.0
Changelog:
New

  * Firefox now supports the new AVIF image format, which is based on the
    modern and royalty free AV1 video codec. It offers significant bandwidth
    savings for sites compared to existing image formats. It also supports
    transparency and other advanced features.

  * Firefox PDF viewer now supports filling more forms (XFA-based forms, used
    by multiple governments and banks). Learn more.

  * When available system memory is critically low, Firefox on Windows will
    automatically unload tabs based on their last access time, memory usage,
    and other attributes. This should help reduce Firefox out-of-memory
    crashes. Switching to an unloaded tab automatically reloads it.

  * To prevent session loss for macOS users who are running Firefox from a
    mounted .dmg file, they??ll now be prompted to finish installation. This
    permission prompt only appears the first time these users run Firefox on
    their computer.

  * Firefox now blocks downloads that rely on insecure connections, protecting
    against potentially malicious or unsafe downloads. Learn more and see where
    to find downloads in Firefox.

  * Improved web compatibility for privacy protections with SmartBlock 3.0.
    Learn more

  * Introducing a new referrer tracking protection in Strict Tracking
    Protection and Private Browsing. Learn more

  * Introducing Firefox Suggest, a faster way to navigate the web. Learn more
    about the experience and locale-specific features.

Fixed

  * The VoiceOver screen reader now correctly reports checkable items in
    accessible tree controls as checked or unchecked.

  * The Orca screen reader now works correctly with Firefox, no longer
    requiring users to switch to another application after starting Firefox.

  * Various security fixes

Changed

  * TLS ciphersuites that use 3DES have been disabled. Such ciphersuites can
    only be enabled when deprecated versions of TLS are also enabled. Learn
    more.

  * The download panel now follows the Firefox visual styles.

Enterprise

  * Various bug fixes and new policies have been implemented in the latest
    version of Firefox. See more details in the Firefox for Enterprise 93
    Release Notes.

Developer

  * Developer Information

Web Platform

  * The UI for <input type="datetime-local"> has been implemented.

Security fixes:
#CVE-2021-38496: Use-after-free in MessageTask
#CVE-2021-38497: Validation message could have been overlaid on another origin
#CVE-2021-38498: Use-after-free of nsLanguageAtomService object
#CVE-2021-32810: Data race in crossbeam-deque
#CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15, and
 Firefox ESR 91.2
#CVE-2021-38501: Memory safety bugs fixed in Firefox 93 and Firefox ESR 91.2
#CVE-2021-38499: Memory safety bugs fixed in Firefox 93
2021-10-15 13:00:05 +00:00
adam
5a9f54dc1b py-django-admin-sortable2: updated to 1.0.2
1.0.2

Fix regression introduced in 1.0.1, adding double item rows on SortableInlineAdminMixin and TabularInline.

1.0.1

Fix CSS classes change introduced in Django-2.1.
Prepared to run on Django-4.0.
Ditch Travis-CI in favor of GitHub Actions.
2021-10-12 18:52:58 +00:00
schmonz
09b317a0bf Update to 6.57. From the changelog:
- Update docs for protocols_allowed and protocols forbidden (GH#386)
  (Olaf Alders)
2021-10-11 20:21:35 +00:00
schmonz
dbd9ecffff Update to 9.21. From the changelog:
- Added EXPERIMENTAL support for top-level await to Mojo::Promise.
- Updated Future::AsyncAwait requirement to 0.52 for new features and
  bug fixes.
- Improved *_attr and *_text methods in Test::Mojo to return undef
  instead of empty string for values that do not exist. (tim-2)
- Fixed Mojo::DOM not to auto-close tags in <svg> and <math>
  blocks. (mkende)
- Added trace log level to Mojo::Log.
- Changed default log level in Mojo::Log from "debug" to "trace" and
  moved all built-in "debug" log messages to the level "trace". That
  will allow for the "debug" level to be used exclusively for user
  defined log messages.
- Switched from HMAC-SHA1 to HMAC-SHA256 for signed cookies. Note that
  this means that all sessions will be reset.
- Improved signed cookie based sessions to pad short values, to make it
  harder to brute force attack the application secret. (jberger)
- Remove Font Awesome from distribution.
- This release contains fixes for security issues, everybody
  should upgrade!
2021-10-11 20:19:18 +00:00
schmonz
32d9230250 Update to 1.54. From the changelog:
[ENHANCEMENTS]
Use ok() instead of cmp_ok() inside of lacks_uncapped_inputs().
This output makes more sense.

lacks_uncapped_inputs() now has a a default message if one isn't supplied.

[FIXES]
Fixed the subtest name inside of C<lacks_ids_ok>.

Fixed the minimum version of Carp::Assert::More in Makefile.PL.
2021-10-11 20:12:21 +00:00
schmonz
a4a864ed7d Update to 2.05. From the changelog:
- Update docs for protocols_allowed and protocols_forbidden (GH#323)
  (Olaf Alders)
2021-10-11 20:11:50 +00:00
schmonz
e06e36d812 Fix macOS build ("error: unknown type name 'errno_t'") with upstream
patch 2a3cca7.
2021-10-10 21:09:55 +00:00
taca
ab29a726ce www/squid4: update to 4.17
Changes in squid-4.17 (03 Oct 2021):

	- WCCP: Validate packets better
2021-10-10 15:55:47 +00:00
nia
1094812f57 Recursive revbump for multimedia/libaom 2021-10-09 15:35:02 +00:00
wiz
ec4d459a36 neon: add upstream pull request link to patches 2021-10-09 10:59:21 +00:00
wiz
bd82e3316a neon: update to 0.32.1.
Changes in release 0.32.1:
* Fix configure CFLAGS handling in Kerberos detection.
* Various spelling fixes.

Changes in release 0.32.0:
* Interface changes:
 - API and ABI backwards-compatible with 0.27.x and later
 - NE_AUTH_DIGEST now only enables RFC 2617/7616 auth by default;
   to enable weaker RFC 2069 Digest, use NE_AUTH_LEGACY_DIGEST
   (treated as a security enhancement, not an API/ABI break)
* Interface clarifications:
 - ne_auth.h: use of non-ASCII usernames with the ne_auth_creds
   callback type is now rejected for Digest auth since the
   encoding is not specified.  ne_add_auth() can be used instead.
 - ne_request.h: the ne_create_request_fn callback is passed the
   request-target using RFC 7230 terminology
* New interfaces and features:
 - ne_string.h: added ne_strhash(), ne_vstrhash(), ne_strparam()
 - ne_auth.h: added RFC 7616 (Digest authentication) support,
   including userhash=, username*= and SHA-2 algorithms
   (SHA-2 requires GnuTLS/OpenSSL).  added NE_AUTH_LEGACY_DIGEST
 - ne_auth.h: added ne_add_auth() unified auth callback interface,
   accepts (only) UTF-8 usernames, uses a larger password buffer,
   and has different/improved attempt counter semantics.
 - RFC 7617 scoping rules are now applied for Basic authentication.
 - ne_ssl.h: added ne_ssl_cert_hdigest()
 - ne_socket.h: added ne_sock_shutdown()
 - sendmsg()/send() are used with the MSG_NOSIGNAL flag to write to
   sockets on Unix, rather than write()/writev(), avoiding SIGPIPE
 - explicit_bzero() is used where available to clear credentials
* Bug fixes:
 - fixed TLS connection shutdown handling for OpenSSL 3
 - fix various Coverity and cppcheck warnings (Sebastian Reschke)
 - Kerberos library detection uses pkg-config where possible.
 - fix some configure checks on Win32 (Christopher Degawa)
 - fix some configure errors on MacOS (Ryan Schmidt)
2021-10-09 10:54:12 +00:00
tnn
529b2aa5ad remove redundant do-install, CHECK_RELRO_SKIP, INSTALLATIONS_DIRS ...
... for packages where the go-module.mk defaults DTRT as-is.
2021-10-09 10:41:07 +00:00
bsiegert
a235babfa8 Revbump all Go packages after go117 update 2021-10-08 18:55:02 +00:00
nia
b4ee45cf7d firefox91: Update to 91.2.0
Security Vulnerabilities fixed in Firefox ESR 91.2

    #CVE-2021-38496: Use-after-free in MessageTask

    #CVE-2021-38497: Validation message could have been overlaid on another
    origin

    #CVE-2021-38498: Use-after-free of nsLanguageAtomService object

    #CVE-2021-32810: Data race in crossbeam-deque

    #CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
2021-10-08 14:41:34 +00:00
nia
27ef7ba35c firefox78-l10n: update to 78.15.0
Security Vulnerabilities fixed in Firefox ESR 78.15

    #CVE-2021-38496: Use-after-free in MessageTask

    #CVE-2021-38500: Memory safety bugs fixed in Firefox 93, Firefox ESR 78.15,
    and Firefox ESR 91.2
2021-10-08 14:09:56 +00:00
adam
dfee04535e py-h2: updatd to 4.1.0
4.1.0 (2021-10-05)
------------------
API Changes (Backward-Compatible)
- Support for Python 3.9 has been added.
- Support for Python 3.10 has been added.
- New example for a Python socket HTTP/2 client.
- New `OutputLogger` for use with ``h2.config.logger``. This is only provided
  for convenience and not part of the stable API.

Bugfixes
- Header validation now rejects empty header names with a ProtocolError. While
  hpack decodes such header blocks without issues, they violate the
  HTTP semantics.
- Fix TE header name in error message.
2021-10-08 13:21:56 +00:00
adam
cc2c9201fb py-httplib2: updated to 0.20.1
0.20.1

No changes from 0.20.0, re-upload of broken py2 wheel.

0.20.0

IMPORTANT cacerts: remove expired DST Root CA X3, add ISRG Root X1, X2
https://github.com/httplib2/httplib2/pull/200
https://github.com/httplib2/httplib2/issues/203

tls: accept min/max ssl.TLSVersion enum values
https://github.com/httplib2/httplib2/pull/191

setup(python_requires=...) may need setuptools update
https://github.com/httplib2/httplib2/pull/195
2021-10-07 19:09:49 +00:00
adam
c5a43e157a apache24: updated to 2.4.51
Changes with Apache 2.4.51

*) SECURITY: CVE-2021-42013: Path Traversal and Remote Code
   Execution in Apache HTTP Server 2.4.49 and 2.4.50 (incomplete
   fix of CVE-2021-41773) (cve.mitre.org)
   It was found that the fix for CVE-2021-41773 in Apache HTTP
   Server 2.4.50 was insufficient.  An attacker could use a path
   traversal attack to map URLs to files outside the directories
   configured by Alias-like directives.
   If files outside of these directories are not protected by the
   usual default configuration "require all denied", these requests
   can succeed. If CGI scripts are also enabled for these aliased
   pathes, this could allow for remote code execution.
   This issue only affects Apache 2.4.49 and Apache 2.4.50 and not
   earlier versions.

*) core: Add ap_unescape_url_ex() for better decoding control, and deprecate
   unused AP_NORMALIZE_DROP_PARAMETERS flag.
2021-10-07 19:05:24 +00:00
pin
2aa77dd538 www/longboard: remove arch restriction 2021-10-07 15:53:24 +00:00
nia
973412e332 www: Remove SHA1 hashes for distfiles 2021-10-07 15:06:57 +00:00
wiz
d6fdb45484 longboard: fix typo 2021-10-07 12:12:47 +00:00
pin
7af14fbcbe www/longboard: doesn't build on 32 bit systems 2021-10-07 11:46:11 +00:00
jperkin
ee8f8a1a3e py-scrapy: Switch to PYTHON_VERSIONS_INCOMPATIBLE. 2021-10-06 09:07:00 +00:00
adam
dcd28314eb apache24: updated to 2.4.50
Changes with Apache 2.4.50

*) SECURITY: CVE-2021-41773: Path traversal and file disclosure
   vulnerability in Apache HTTP Server 2.4.49 (cve.mitre.org)
   A flaw was found in a change made to path normalization in
   Apache HTTP Server 2.4.49. An attacker could use a path
   traversal attack to map URLs to files outside the expected
   document root.
   If files outside of the document root are not protected by
   "require all denied" these requests can succeed. Additionally
   this flaw could leak the source of interpreted files like CGI
   scripts.
   This issue is known to be exploited in the wild.
   This issue only affects Apache 2.4.49 and not earlier versions.
   Credits: This issue was reported by Ash Daulton along with the
   cPanel Security Team

*) SECURITY: CVE-2021-41524: null pointer dereference in h2 fuzzing
   (cve.mitre.org)
   While fuzzing the 2.4.49 httpd, a new null pointer dereference
   was detected during HTTP/2 request processing,
   allowing an external source to DoS the server. This requires a
   specially crafted request.
   The vulnerability was recently introduced in version 2.4.49. No
   exploit is known to the project.
   Credits: Apache httpd team would like to thank LI ZHI XIN from
   NSFocus Security Team for reporting this issue.

*) core: AP_NORMALIZE_DECODE_UNRESERVED should normalize the second dot in
   the uri-path when it's preceded by a dot.

*) mod_md: when MDMessageCmd for a 'challenge-setup:<type>:<dnsname>'
   fails (!= 0 exit), the renewal process is aborted and an error is
   reported for the MDomain. This provides scripts that distribute
   information in a cluster to abort early with bothering an ACME
   server to validate a dns name that will not work. The common
   retry logic will make another attempt in the future, as with
   other failures.
   Fixed a bug when adding private key specs to an already working
   MDomain, see <https://github.com/icing/mod_md/issues/260>.

*) mod_proxy: Handle UDS URIs with empty hostname ("unix:///...") as if they
   had no hostname ("unix:/...").

*) mod_md: fixed a bug in handling multiple parallel OCSP requests. These could
   run into an assertion which terminated (and restarted) the child process where
   the task was running. Eventually, all OCSP responses were collected, but not
   in the way that things are supposed to work.
   See also <https://bz.apache.org/bugzilla/show_bug.cgi?id=65567>.
   The bug was possibly triggered when more than one OCSP status needed updating
   at the same time. For example for several renewed certificates after a server
   reload.

*) mod_rewrite: Fix UDS ("unix:") scheme for

*) event mpm: Correctly count active child processes in parent process if
   child process dies due to MaxConnectionsPerChild.

*) mod_http2: when a server is restarted gracefully, any idle h2 worker
   threads are shut down immediately.
   Also, change OpenSSL API use for deprecations in OpenSSL 3.0.
   Adds all other, never proposed code changes to make a clean
   sync of http2 sources.

*) mod_dav: Correctly handle errors returned by dav providers on REPORT
   requests.

*) core: do not install core input/output filters on secondary
   connections.

*) core: Add ap_pre_connection() as a wrapper to ap_run_pre_connection()
   and use it to prevent that failures in running the pre_connection
   hook cause crashes afterwards.

*) mod_speling: Add CheckBasenameMatch.
2021-10-05 19:22:08 +00:00
adam
c83eaf70fe py-django-cors-headers: updated to 3.10.0
3.10.0 (2021-10-05)
-------------------
* Support Python 3.10.

3.9.0 (2021-09-28)
------------------
* Support Django 4.0.
2021-10-05 18:35:14 +00:00
adam
e6c5c00c74 py-django3: updated to 3.2.8
Django 3.2.8 fixes two bugs in 3.2.7.

Bugfixes

Fixed a bug in Django 3.2 that caused incorrect links on read-only fields in the admin.
Fixed a regression in Django 3.2 that caused incorrect selection of items across all pages when actions were placed both on the top and bottom of the admin change-list view.
2021-10-05 18:33:49 +00:00
wiz
a6c9354587 lighttpd: update to 1.4.60.
Highlights

* improve performance, reduce memory use, bugfixes
* HTTP/2 smoother and lower memory use (in general)
* HTTP/2 tuning to better handle aggressive client initial requests
* reduce memory footprint; workaround poor glibc behavior; jemalloc is better
* mod_magnet lua performance improvements
* mod_dirlisting performance improvements and new caching option
* memory constraints for extreme edge cases in mod_dirlisting, mod_ssi, mod_webdav
* connect(), write(), read() time limits on backends (separate from client timeouts)
* lighttpd restarts if large discontinuity in time occurs (embedded systems)
* RFC7233 Range support for all non-streaming responses, not only static files
2021-10-04 09:13:22 +00:00
pin
226e5b16e3 www/badwolf: update to 1.2.0
-Change buildsystem to use a ./configure script
-badwolf.1: Add tip to list dictionairies in enchant
-badwolf.h: Add WEBKIT_CHECK_VERSION
-Switch from libsoup-2.4 to glib's GUri
-badwolf.1: Fix gtk-doc css-properties URL
2021-10-04 07:45:51 +00:00
tnn
7af6e4eba9 firefox: sync CHECK_PORTABILITY_SKIPs w/ devel/nss 2021-10-02 13:10:52 +00:00
wen
8830ec16d6 Update to 1.36.2
Upstream changes please visit:
https://phabricator.wikimedia.org/source/mediawiki/browse/REL1_36/RELEASE-NOTES-1.36
2021-10-02 01:52:48 +00:00
tsutsui
c20c09a7d0 ruby-httpclient: workaround expired root certificates.
https://github.com/nahi/httpclient/pull/447
Bump PKGREVISION.
2021-10-01 15:31:26 +00:00
gutteridge
dd8d572648 firefox: 92 requires nss>=3.69 2021-10-01 13:31:52 +00:00
ryoon
f1d000a7fe firefox: Revert accidentally committed part 2021-09-30 14:25:18 +00:00
ryoon
10c86b129a firefox: Fix SITES for nodejs-output-92.0.tgz 2021-09-30 14:24:00 +00:00
ryoon
b92e4dbb4e firefox-l10n: Update to 92.0.1
* Sync with www/firefox-92.0.1.
2021-09-30 14:20:01 +00:00
ryoon
86f357a371 firefox: Update to 92.0.1
Changelog:
92.0.1
Fixed

  * Fixes an issue where audio playback was not working on some Linux systems (
    bug 1730499)

  * Fixes issues with the findbar close button on different operating systems (
    bug 1728368)

92.0
New

  * More secure connections: Firefox can now automatically upgrade to HTTPS
    using HTTPS RR as Alt-Svc headers.

  * Full-range color levels are now supported for video playback on many
    systems.

  * Mac users can now access the macOS share options from the Firefox File
    menu.

  * Support for images containing ICC v4 profiles is enabled on macOS.

Fixed

  * Firefox performance with screen readers and other accessibility tools is no
    longer severely degraded if Mozilla Thunderbird is installed or updated
    after Firefox.

  * macOS VoiceOver now correctly reports buttons and links marked as ??
    expanded?? using the aria-expanded attribute.

  * An open alert in a tab no longer causes performance issues in other tabs
    using the same process.

  * Various security fixes

Changed

  * Canonical is now building the official Firefox snap. It's also now
    available on two additional architectures, ARMhf and ARM64.

  * The bookmark toolbar menus on macOS now follow Firefox visual styles.

  * Certificate error pages have been redesigned for a better user experience.

  * Continuing work to restructure Firefox??s JavaScript memory management to
    be more performant and use less memory.
2021-09-30 14:18:27 +00:00
adam
5e7c36d9d2 revbump for boost-libs 2021-09-29 19:00:02 +00:00
adam
d59bd4e3fa nghttp2: updated to 1.45.1
Nghttp2 v1.45.1

build

This release fixes packaging issues which lack some configuration files in tar archives.


Nghttp2 v1.45.0

lib

Stricter checks for :method: and :path pseudo header fields are introduced.

build

nghttp2 applications can be compiled with OpenSSL v3.0.0.

Fix warning about systemd when cmake is used.

Added build options to enable HTTP/3 and eBPF.

nghttpx

The experimental HTTP/3 support has been added.

“dnf” (= “do not forward”) parameter is added to backend option.

h2load

The experimental HTTP/3 support has been added.

SSLKEYLOGFILE environment variable support has been added.
2021-09-29 11:46:39 +00:00
adam
31efe92047 py-urllib3: updated to 1.26.7
1.26.7
------
* Fixed a bug with HTTPS hostname verification involving IP addresses and lack
  of SNI.
* Fixed a bug where IPv6 braces weren't stripped during certificate hostname
  matching.
2021-09-29 09:24:21 +00:00
wiz
33dc5de577 *: recursive bump for vala 0.54 2021-09-29 09:10:30 +00:00
nikita
a26aaf4dd6 www: remove gnurl from www/Makefile, doc: add Removed entry 2021-09-29 07:44:43 +00:00
nikita
695b4b1a6d Remove www/gnurl, move to wip/gnurl. 2021-09-29 07:18:07 +00:00
leot
09c535e25d webkit-gtk: Update to 2.34.0
Changes:
2.34.0
------
 - Add support for HTTP/2 when building with libsoup3.
 - Add support for CSS Scroll Snap.
 - Add support for date and datetime-local input elements.
 - Add support for display capture.
 - Add support for ICC color management.
 - Add support color-schemes CSS property.
 - Add support for link preconnect when building with libsoup3.
 - Add support for client side certificates when building with libsoup3.
 - Add multi-track support to MSE media backend.
 - Add new API to handle web process unresponsiveness.
 - Add API to disable CORS on a web view for particular domains.
 - Add new API to access/modify capture devices states.
 - Add new API to configure the memory pressure handler.
2021-09-28 22:11:54 +00:00
manu
6e9ea1a04d Use spinlocks instead of default fcntl locks
This is only available on x86. Note that default fcntl implementation
is not only slower, it also leaks file descriptor on apachectl graceful.
2021-09-28 13:22:27 +00:00
jperkin
317f8a4a0a apache24: Support GCC >= 10. 2021-09-28 13:01:37 +00:00
adam
19cf8f0066 py-furl: updated to 2.1.3
v2.1.3
Fixed: Actually drop ';' as a query delimiter.
2021-09-28 10:21:36 +00:00
adam
1de80d9ed8 curl: updated to 7.79.1
Fixed in 7.79.1

Bugfixes:

Curl_http2_setup: don't change connection data on repeat invokes
curl_multi_fdset: make FD_SET() not operate on sockets out of range
dist: provide lib/.checksrc in the tarball
FAQ: add GOPHERS + curl works on data, not files
hsts: CURLSTS_FAIL from hsts read callback should fail transfer
hsts: handle unlimited expiry
http: fix the broken >3 digit response code detection
strerror: use sys_errlist instead of strerror on Windows
test1184: disable
tests/sshserver.pl: make it work with openssh-8.7p1
2021-09-27 18:53:44 +00:00
mef
1133a2549c (www/phraseanet-indexer) Use function name mysql_init to check 2021-09-26 05:58:36 +00:00
mef
44e3061d25 (www/wiliki) Remove the line temporarily added 2021-09-26 01:26:51 +00:00
mef
6112807efb (www/wiliki) fix typo, sorry 2021-09-26 01:21:51 +00:00
mef
d12c8530f2 (www/wiliki) regen PLIST, set LICENSE to mit 2021-09-26 00:59:56 +00:00
nia
d1e4b4e80c firefox*: remove unhelpful workaround for netbsd-8 2021-09-22 12:52:17 +00:00
mef
f7907dfabe (www/R-RCurl) Updated 1.98.1.4 to 1.98.1.5
ChangeLog unknown, inst/doc/Changes.html is outdated
2021-09-20 04:01:52 +00:00
gutteridge
62a9e4f8e1 ruby-pygments.rb: update some metadata (NFC)
Update description and home page, per request from the current
 upstream developer of this package. Addresses a PR submitted as
 https://github.com/NetBSD/pkgsrc/pull/88. While here, address a
 pkglint warning that it's associated with the wrong category.
2021-09-19 18:52:44 +00:00
taca
10c2432b38 www/ruby-websocket-driver: update to 0.7.5
0.7.5 (2021-06-12)

* Do not change the encoding of strings passed to Driver#text

0.7.4 (2021-05-24)

* Optimise conversions between strings and byte arrays and related encoding
  operations, to reduce amount of allocation and copying
2021-09-19 18:00:35 +00:00
taca
f71f5ec62a www/ruby-rouge: update to 3.26.1
3.26.1: 2021-09-17

* CPP Lexer

  Add year and date chrono literals, add std::complex literals, fix chrono
  literals with digit separator (#1665 by swheaton)

* Factor and GHC Core Lexer

  Fix catastrophic backtrack (#1690 by Ravlen)

* JSL Lexer

  Fix single line block comments, scoped variables and functions (#1663 by
  BenPH)

* YAML Lexer

  Fix YAML key containing special character (#1667 by tancnle)

* Fix Ruby 2.7 keyword parameter deprecation warning (#1597 by stanhu)
* Updated README (#1666 by dchacke)
2021-09-19 17:59:12 +00:00
taca
81624692eb www/ruby-puma: update to 5.4.0
5.4.0 (2021-07-28)

Features

* Better/expanded names for threadpool threads (#2657)
* Allow pkg_config for OpenSSL (#2648, #1412)
* Add rack_url_scheme to Puma::DSL, allows setting of rack.url_scheme header
  (#2586, #2569)

Bugfixes

* Binder#parse - allow for symlinked unix path, add create_activated_fds
  debug ENV (#2643, #2638)
* Fix deprecation warning: minissl.c - Use Random.bytes if available (#2642)
* Client certificates: set session id context while creating SSLContext
  (#2633)
* Fix deadlock issue in thread pool (#2656)

Refactor

* Replace IO.select with IO#wait_* when checking a single IO (#2666)
2021-09-19 17:56:43 +00:00
taca
b7700ac0a7 www/ruby-mechanize: update to 2.8.2
2.8.2 (2021-08-06)

Dependencies

* Update dependency on Addressable from ~>2.7 to ~>2.8. (#584) @yidingww
2021-09-19 17:54:44 +00:00
taca
9a48539d43 www/ruby-loofah: update to 2.12.0
2.12.0 (2021-08-11)

Features

* Support empty HTML5 data attributes. [#215]

2.11.0 (2021-07-31)

Features

* Allow HTML5 element wbr.
* Allow all CSS property values for border-collapse. [#201]

Changes

* Deprecating Loofah::HTML5::SafeList::VOID_ELEMENTS which is not a
  canonical list of void HTML4 or HTML5 elements.
* Removed some elements from Loofah::HTML5::SafeList::VOID_ELEMENTS that
  either are not acceptable elements or aren't considered "void" by libxml2.
2021-09-19 17:53:13 +00:00
taca
a2ae6a1ac8 www/ruby-faye-websocket: update to 0.11.1
0.11.1 (2021-05-24)

* Prevent the client hanging if close() is called when already closing
2021-09-19 17:51:43 +00:00
taca
d689054167 www/ruby-faraday_middleware: update to 1.1.0
1.1.0 (2021-07-31)

Features

* Use wrapped exception in Faraday::ParsingError to improve legibility of
  the error (#255, @d-m-u)

Bugs fixed

* Use JSON.generate instead of .dump in request middleware (#266,
  @Be-ngt-oH)

Chores and misc

* Add rubocop-package and drop git ls-files in gemspec (#263, @utkarsh2102)
2021-09-19 17:49:58 +00:00
taca
4d98e3da99 www/ruby-faraday: update to 1.8.0
1.7.2 (2021-09-13)

* Fix deprecation warning (#1323)


1.8.0 (2021-09-18)

Features

* Backport authorization procs (#1322, @jarl-dk)
2021-09-19 17:48:05 +00:00
taca
5f150d9285 www/ruby-aws-sdk-secretsmanager: update to 1.49.0
1.49.0 (2021-09-01)

* Feature - Code Generated Changes, see ./build_tools or aws-sdk-core's
  CHANGELOG.md for details.
2021-09-19 17:44:25 +00:00
taca
7bb41143e7 www/ruby-aws-sdk-core: update to 3.121.0
3.121.0 (2021-09-02)

* Feature - Add support for S3 Multi-region access point configuration.

3.120.0 (2021-09-01)

* Feature - AWS SDK for Ruby no longer supports Ruby runtime versions 1.9,
  2.0, 2.1, and 2.2.
2021-09-19 17:43:07 +00:00
taca
3c00394b7c www/ruby-aws-sigv4: update to 1.4.0
1.4.0 (2021-09-02)

* Feature - add signing_algorithm option with sigv4 default.

1.3.0 (2021-09-01)

* Feature - AWS SDK for Ruby no longer supports Ruby runtime versions 1.9,
  2.0, 2.1, and 2.2.
2021-09-19 17:40:32 +00:00
taca
a568ad96c6 www/ruby-aws-partitions: update to 1.503.0
1.503.0 (2021-09-17)

* Feature - Updated the partitions source data the determines the AWS
  service regions and endpoints.

1.502.0 (2021-09-16)

* Feature - Added support for enumerating regions for Aws::KafkaConnect.

1.501.0 (2021-09-13)

* Feature - Updated the partitions source data the determines the AWS
  service regions and endpoints.

1.500.0 (2021-09-10)

* Feature - Updated the partitions source data the determines the AWS
  service regions and endpoints.

1.499.0 (2021-09-09)

* Feature - Updated the partitions source data the determines the AWS
  service regions and endpoints.

1.498.0 (2021-09-08)

* Feature - Added support for enumerating regions for
  Aws::OpenSearchService.

1.497.0 (2021-09-07)

* Feature - Updated the partitions source data the determines the AWS
  service regions and endpoints.

1.496.0 (2021-09-03)

* Feature - Updated the partitions source data the determines the AWS
  service regions and endpoints.

1.495.0 (2021-09-02)

* Feature - Updated the partitions source data the determines the AWS
  service regions and endpoints.

1.494.0 (2021-09-01)

* Feature - Updated the partitions source data the determines the AWS
  service regions and endpoints.
* Feature - AWS SDK for Ruby no longer supports Ruby runtime versions 1.9,
  2.0, 2.1, and 2.2.

1.493.0 (2021-08-31)

* Feature - Updated the partitions source data the determines the AWS
  service regions and endpoints.
2021-09-19 17:39:11 +00:00
taca
6818cb0286 www/ruby-aws-eventstream: update to 1.2.0
1.2.0 (2021-09-01)

* Feature - AWS SDK for Ruby no longer supports Ruby runtime versions 1.9,
  2.0, 2.1, and 2.2.
2021-09-19 17:36:42 +00:00
bsiegert
fc1023b178 go-gohtml: remove.
Old-style Go package, not useful on its own, nothing depends on this.
2021-09-19 14:01:22 +00:00
bsiegert
dc829a16e2 caddy: update to 2.4.5.
2.4.4
-----
This release contains numerous bug fixes, updated dependencies, and QoL
improvements.

Update: This release contains a known regression in the combination of encode
and reverse_proxy modules; please use v2.4.5 instead.

2.4.5
-----
A hotfix for a regression introduced in v2.4.4 related to combining the encode
and reverse_proxy directives.
2021-09-19 12:35:44 +00:00
jklos
72f0916c32 Alpha is 64 bits. 2021-09-18 22:10:22 +00:00
leot
fb951ce9aa webkit-gtk: Update to 2.32.4
Changes:
2.32.4
------
 - Do not append .asc extension to downloaded text/plain files.
 - Fix several crashes and rendering issues.
2021-09-17 15:50:34 +00:00
adam
44658b9cae py-flask-restful: updated to 0.3.9
Version 0.3.9
Compatibility with Flask 2.0
2021-09-17 14:26:11 +00:00
bsiegert
a7061b5550 Revbump all Go packages after go117 update 2021-09-17 13:52:45 +00:00
adam
04ee1d2d7d apache24: updated to 2.4.49
Changes with Apache 2.4.49

*) SECURITY: CVE-2021-40438 (cve.mitre.org)
   mod_proxy: Server Side Request Forgery (SSRF) vulnerabilty [Yann Ylavic]

*) SECURITY: CVE-2021-39275 (cve.mitre.org)
   core: ap_escape_quotes buffer overflow

*) SECURITY: CVE-2021-36160 (cve.mitre.org)
   mod_proxy_uwsgi: Out of bound read vulnerability [Yann Ylavic]

*) SECURITY: CVE-2021-34798 (cve.mitre.org)
   core: null pointer dereference on malformed request

*) SECURITY: CVE-2021-33193 (cve.mitre.org)
   mod_http2: Request splitting vulnerability with mod_proxy [Stefan Eissing]

*) core/mod_proxy/mod_ssl:
   Adding `outgoing` flag to conn_rec, indicating a connection is
   initiated by the server to somewhere, in contrast to incoming
   connections from clients.
   Adding 'ap_ssl_bind_outgoing()` function that marks a connection
   as outgoing and is used by mod_proxy instead of the previous
   optional function `ssl_engine_set`. This enables other SSL
   module to secure proxy connections.
   The optional functions `ssl_engine_set`, `ssl_engine_disable` and
   `ssl_proxy_enable` are now provided by the core to have backward
   compatibility with non-httpd modules that might use them. mod_ssl
   itself no longer registers these functions, but keeps them in its
   header for backward compatibility.
   The core provided optional function wrap any registered function
   like it was done for `ssl_is_ssl`.
   [Stefan Eissing]

*) mod_ssl: Support logging private key material for use with
   wireshark via log file given by SSLKEYLOGFILE environment
   variable.  Requires OpenSSL 1.1.1.  PR 63391.  [Joe Orton]

*) mod_proxy: Do not canonicalize the proxied URL when both "nocanon" and
   "ProxyPassInterpolateEnv On" are configured.  PR 65549.
   [Joel Self <joelself gmail.com>]

*) mpm_event: Fix children processes possibly not stopped on graceful
   restart.  PR 63169.  [Joel Self <joelself gmail.com>]

*) mod_proxy: Fix a potential infinite loop when tunneling Upgrade(d)
   protocols from mod_proxy_http, and a timeout triggering falsely when
   using mod_proxy_wstunnel, mod_proxy_connect or mod_proxy_http with
   upgrade= setting.  PRs 65521 and 65519.  [Yann Ylavic]

*) mod_unique_id: Reduce the time window where duplicates may be generated
   PR 65159
   [Christophe Jaillet]

*) mpm_prefork: Block signals for child_init hooks to prevent potential
   threads created from there to catch MPM's signals.
   [Ruediger Pluem, Yann Ylavic]

*) Revert "mod_unique_id: Fix potential duplicated ID generation under heavy load.
   PR 65159" added in 2.4.47.
   This causes issue on Windows.
   [Christophe Jaillet]

*) mod_proxy_uwsgi: Fix PATH_INFO setting for generic worker.  [Yann Ylavic]

*) mod_md: Certificate/keys pairs are verified as matching before a renewal is accepted
   as successful or a staged renewal is replacing the existing certificates.
   This avoid potential mess ups in the md store file system to render the active
   certificates non-working. [@mkauf]

*) mod_proxy: Faster unix socket path parsing in the "proxy:" URL.
   [Yann Ylavic]

*) mod_ssl: tighten the handling of ALPN for outgoing (proxy)
   connections. If ALPN protocols are provided and sent to the
   remote server, the received protocol selected is inspected
   and checked for a match. Without match, the peer handshake
   fails.
   An exception is the proposal of "http/1.1" where it is
   accepted if the remote server did not answer ALPN with
   a selected protocol. This accomodates for hosts that do
   not observe/support ALPN and speak http/1.x be default.

*) mod_proxy: Fix possible reuse/merging of Proxy(Pass)Match worker instances
   with others when their URLs contain a '$' substitution.  PR 65419 + 65429.
   [Yann Ylavic]

*) mod_dav: Add method_precondition hook. WebDAV extensions define
   conditions that must exist before a WebDAV method can be executed.
   This hook allows a WebDAV extension to verify these preconditions.
   [Graham Leggett]

*) Add hooks deliver_report and gather_reports to mod_dav.h. Allows other
   modules apart from versioning implementations to handle the REPORT method.
   [Graham Leggett]

*) Add dav_get_provider(), dav_open_lockdb(), dav_close_lockdb() and
   dav_get_resource() to mod_dav.h. [Graham Leggett]

*) core: fix ap_escape_quotes substitution logic. [Eric Covener]

*) Easy patches: synch 2.4.x and trunk
   - mod_auth_basic: Use ap_cstr_casecmp instead of strcasecmp.
   - mod_ldap: log and abort locking errors.
   - mod_ldap: style fix for r1831165
   - mod_ldap: build break fix for r1831165
   - mod_deflate: Avoid hard-coded "%ld" format strings in mod_deflate's logging statements
   - mod_deflate: Use apr_uint64_t instead of uint64_t (follow up to r1849590)
   - mod_forensic: Follow up to r1856490: missing one mod_log_forensic test_char_table case.
   - mod_rewrite: Save a few cycles.
   - mod_request: Fix a comment (missing '_' in 'keep_body') and some style issues
   - core: remove extra whitespace in HTTP_NOT_IMPLEMENTED
  [Christophe Jaillet]

*) core/mpm: add hook 'child_stopping` that gets called when the MPM is
   stopping a child process. The additional `graceful` parameter allows
   registered hooks to free resources early during a graceful shutdown.
   [Yann Ylavic, Stefan Eissing]

*) mod_proxy: Fix icomplete initialization of BalancerMember(s) from the
   balancer-manager, which can lead to a crash.  [Yann Ylavic]

*) mpm_event: Fix graceful stop/restart of children processes if connections
   are in lingering close for too long.  [Yann Ylavic]

*) mod_md: fixed a potential null pointer dereference if ACME/OCSP
   server returned 2xx responses without content type. Reported by chuangwen.
   [chuangwen, Stefan Eissing]

*) mod_md:
   - Domain names in `<MDomain ...>` can now appear in quoted form.
   - Fixed a failure in ACME challenge selection that aborted further searches
     when the tls-alpn-01 method did not seem to be suitable.
   - Changed the tls-alpn-01 setup to only become unsuitable when none of the
     dns names showed support for a configured 'Protocols ... acme-tls/1'. This
     allows use of tls-alpn-01 for dns names that are not mapped to a VirtualHost.
   [Stefan Eissing]

*) Add CPING to health check logic. [Jean-Frederic Clere]

*) core: Split ap_create_request() from ap_read_request(). [Graham Leggett]

*) core, h2: common ap_parse_request_line() and ap_check_request_header()
   code. [Yann Ylavic]

*) core: Add StrictHostCheck to allow unconfigured hostnames to be
   rejected. [Eric Covener]

*) htcacheclean: Improve help messages.  [Christophe Jaillet]
2021-09-17 12:49:57 +00:00
nia
aef8520349 luakit: add missing libraries on SunOS 2021-09-17 10:24:08 +00:00
nia
f2a64ba862 firefox: Use "unofficial" branding
Firefox's build system defaults to "nightly" for builds without official
branding, and in practice there seems to be very little difference between
"nightly" and "unofficial", but this at least makes our choice explicit.

Bump PKGREVISION
2021-09-16 21:12:48 +00:00
nia
c0f9870c5f firefox: we no longer install to share/pixmaps 2021-09-16 20:47:40 +00:00
nia
03c116b990 firefox91: we no longer install to share/pixmaps 2021-09-16 20:46:35 +00:00
nia
ce3bd322e9 firefox91: Explicitly use "unofficial" branding
Firefox's build system defaults to "nightly" for builds without official
branding, and in practice there seems to be very little difference between
"nightly" and "unofficial", but this at least makes our choice explicit.

Bump PKGREVISION
2021-09-16 20:45:38 +00:00
nia
64373cc00f firefox78: Install various icon sizes. Explicitly use "unofficial" branding.
Bump PKGREVISION.
2021-09-16 19:49:15 +00:00
nia
adf646fae6 firefox91: install scalable icons, bump PKGREVISION 2021-09-16 17:47:13 +00:00
nia
7cf596e7f6 firefox: Install scalable icon sizes, bump PKGREVISION 2021-09-16 16:46:24 +00:00
nia
a8c17e3644 seamonkey-l10n: sync with seamonkey 2021-09-16 15:01:17 +00:00
nia
e17a83f041 seamonkey: update to 2.53.9. Fix build.
Release notes:
https://www.seamonkey-project.org/releases/seamonkey2.53.9/#new
2021-09-16 14:59:32 +00:00
adam
2de9b4efaf nginx-devel: updated to 1.21.3
Changes with nginx 1.21.3                                        07 Sep 2021

    *) Change: optimization of client request body reading when using
       HTTP/2.

    *) Bugfix: in request body filters internal API when using HTTP/2 and
       buffering of the data being processed.


Changes with nginx 1.21.2                                        31 Aug 2021

    *) Change: now nginx rejects HTTP/1.0 requests with the
       "Transfer-Encoding" header line.

    *) Change: export ciphers are no longer supported.

    *) Feature: OpenSSL 3.0 compatibility.

    *) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines
       are now passed to the mail proxy authentication server.
       Thanks to Rob Mueller.

    *) Feature: request body filters API now permits buffering of the data
       being processed.

    *) Bugfix: backend SSL connections in the stream module might hang after
       an SSL handshake.

    *) Bugfix: the security level, which is available in OpenSSL 1.1.0 or
       newer, did not affect loading of the server certificates when set
       with "@SECLEVEL=N" in the "ssl_ciphers" directive.

    *) Bugfix: SSL connections with gRPC backends might hang if select,
       poll, or /dev/poll methods were used.

    *) Bugfix: when using HTTP/2 client request body was always written to
       disk if the "Content-Length" header line was not present in the
       request.
2021-09-15 12:37:33 +00:00
adam
a017ba769a nginx: updated nchan module; bumped revision
1.2.10 (Aug. 25 2021)
 fix: Nchan could not be built without openssl due to hiredis dependency
      (introduced in v1.2.9)
 feature: allow no separator for http-raw-stream (thanks @sclem)

1.2.9 (Aug. 12 2021)
 feature: Redis cluster reconfiguration check timer,
      nchan_redis_cluster_check_interval setting
 fix: detect Redis cluster reconfiguration when publishing messages in "nostore" mode
 update: hiredis updated to v1.0.0
 fix: segfault on out-of-shared-memory condition for multiplexed publishers
2021-09-15 12:37:05 +00:00
wiz
3ce5d05715 curl: update to 7.79.0.
This release includes the following changes:

 o bearssl: support CURLOPT_CAINFO_BLOB [3]
 o http: consider cookies over localhost to be secure [24]
 o secure transport: support CURLINFO_CERTINFO [63]

This release includes the following bugfixes:

 o CVE-2021-22945: clear the leftovers pointer when sending succeeds [112]
 o CVE-2021-22946: do not ignore --ssl-reqd [111]
 o CVE-2021-22947: reject STARTTLS server response pipelining [110]
 o ares: use ares_getaddrinfo() [51]
 o asyn-ares.c: move all version number checks to the top
 o auth: do not append zero-terminator to authorisation id in kerberos [32]
 o auth: properly handle byte order in kerberos security message [36]
 o auth: use sasl authzid option in kerberos [34]
 o auth: we do not support a security layer after kerberos authentication [35]
 o BINDINGS.md: update links to use https where available [50]
 o build: fix compiler warnings [39]
 o c-hyper: deal with Expect: 100-continue combined with POSTFIELDS [66]
 o c-hyper: fix header value passed to debug callback [46]
 o c-hyper: handle HTTP/1.1 => HTTP/1.0 downgrade on reused connection [65]
 o c-hyper: initial step for 100-continue support [43]
 o c-hyper: initial support for "dumping" 1xx HTTP responses [40]
 o c-hyper: remove the hyper_executor_poll() loop from Curl_http [13]
 o CI/cirrus: reduce compile time with increased parallism [19]
 o CI: use GitHub Container Registry instead of Docker Hub [47]
 o cirrus: Add FreeBSD 13.0 job and disable sanitizer build [128]
 o cmake: avoid poll() on macOS [59]
 o cmake: sync CURL_DISABLE options [55]
 o codeql: fix error "Resource not accessible by integration" [61]
 o compressed.d: it's a request, not an order [21]
 o config.d: escape the backslash properly [81]
 o config.d: note that curlrc is used even when --config [107]
 o config: get rid of the unused HAVE_SIG_ATOMIC_T et. al.
 o configure.ac: revert bad nghttp2 library detection improvements [9]
 o configure: error out if both ngtcp2 and quiche are specified [30]
 o configure: make --disable-hsts work [106]
 o configure: set classic mingw minimum OS version to XP [83]
 o configure: tweak nghttp2 library name fix [2]
 o connect: get local port + ip also when reusing connections [95]
 o connect: remove superfluous conditional [23]
 o curl-openssl.m4: check lib64 for the pkg-config file [14]
 o curl-openssl.m4: show correct output for OpenSSL v3 [75]
 o curl.1: mention "global" flags [7]
 o curl.1: provide examples for each option [99]
 o curl: add warning for ignored data after quoted form parameter [60]
 o curl: add warning for incompatible parameters usage [102]
 o curl: better error message when -O fails to get a good name [88]
 o curl: stop retry if Retry-After: is longer than allowed [104]
 o curl_easy_setopt.3: improve the string copy wording [89]
 o Curl_hsts_loadcb: don't attempt to load if hsts wasn't inited [116]
 o curl_setup.h: sync values for HTTP_ONLY [82]
 o curl_url_get.3: clarify about path and query [45]
 o CURLMOPT_TIMERFUNCTION.3: remove misplaced "time" [5]
 o CURLOPT_DOH_URL.3: CURLOPT_OPENSOCKETFUNCTION is not inherited [8]
 o CURLOPT_SSL_CTX_*.3: tidy up the example [15]
 o CURLOPT_UNIX_SOCKET_PATH.3: remove nginx reference, add see also [90]
 o docs/MQTT: update state of username/password support [4]
 o docs: remove experimental mentions from HSTS and MQTT [93]
 o docs: the security list is reached at security at curl.se now [124]
 o easy: use a custom implementation of wcsdup on Windows [31]
 o examples/*hiperfifo.c: fix calloc arguments to match function proto [103]
 o examples/cookie_interface: avoid printfing time_t directly [18]
 o examples/cookie_interface: fix scan-build printf warning [16]
 o examples/ephiperfifo.c: simplify signal handler [42]
 o FAQ: add two dev related questions [108]
 o getparameter: fix the --local-port number parser [58]
 o happy-eyeballs-timeout-ms.d: polish the wording [10]
 o hostip: Make Curl_ipv6works function independent of getaddrinfo [26]
 o http2: Curl_http2_setup needs to init stream data in all invokes [119]
 o http2: revert a change that broke upgrade to h2c [57]
 o http2: revert call the handle-closed function correctly on closed stream [25]
 o http: disallow >3-digit response codes [80]
 o http: ignore content-length if any transfer-encoding is used [101]
 o http_proxy: clear 'sending' when the outgoing request is sent [6]
 o http_proxy: fix the User-Agent inclusion in CONNECT [115]
 o http_proxy: fix user-agent and custom headers for CONNECT with hyper [38]
 o http_proxy: only wait for writable socket while sending request [78]
 o INTERNALS: bump c-ares requirement to 1.16.0
 o INTERNALS: c-ares has a new home: c-ares.org
 o lib: don't use strerror() [127]
 o libcurl-errors.3: clarify two CURLUcode errors [72]
 o limit-rate.d: clarify base unit [17]
 o mailing lists: move from cool.haxx.se to lists.haxx.se
 o mbedtls: avoid using a large buffer on the stack [105]
 o mbedTLS: initial 3.0.0 support [33]
 o mbedtls_threadlock: fix unused variable warning [11]
 o mksymbolsmanpage.pl: Fix showing symbol's last used version [76]
 o mksymbolsmanpage.pl: match symbols case insenitively [77]
 o multi: fix compiler warning with `CURL_DISABLE_WAKEUP` [96]
 o ngtcp2: compile with the latest ngtcp2 and nghttp3 [12]
 o ngtcp2: fix build with ngtcp2 and nghttp3 [117]
 o ngtcp2: remove the acked_crypto_offset struct field init [64]
 o ngtcp2: replace deprecated functions with nghttp3_conn_shutdown_stream_read [28]
 o ngtcp2: reset the oustanding send buffer again when drained [53]
 o ngtcp2: rework the return value handling of ngtcp2_conn_writev_stream [29]
 o ngtcp2: stop buffering crypto data [85]
 o ngtcp2: utilize crypto API functions to simplify [52]
 o openssl: annotate SSL3_MT_SUPPLEMENTAL_DATA [98]
 o openssl: when creating a new context, there cannot be an old one [48]
 o opt-docs: make sure all man pages have examples [92]
 o opt-docs: verify man page sections + order [91]
 o opts docs: unify phrasing in NAME header [126]
 o output.d: add method to suppress response bodies [49]
 o page-header: add GOPHERS, simplify wording in the 1st para [94]
 o progress: fix a compile warning on some systems [54]
 o progress: make trspeed avoid floats [100]
 o runtests: add option -u to error on server unexpectedly alive [125]
 o schannel: Work around typo in classic mingw macro [84]
 o scripts: invoke interpreters through /usr/bin/env [68]
 o setopt: enable CURLOPT_IGNORE_CONTENT_LENGTH for hyper [70]
 o strerror.h: remove the #include from files not using it
 o symbols-in-versions: fix CURLSSLBACKEND_QSOSSL last used version [73]
 o test1138: remove trailing space to make work with hyper [71]
 o test1173: check references to libcurl options [69]
 o test1280: CRLFify the response to please hyper [86]
 o test1565: fix windows build errors [27]
 o test365: verify response with chunked AND Content-Length headers
 o tests/*server.pl: flush output before executing subprocess [41]
 o tests/*server.py: remove pidfile on server termination [1]
 o tests/runtests.pl: cleanup copy&paste mistakes and unused code
 o tests/server/*.c: align handling of portfile argument and file [56]
 o tests: adjust the tftpd output to work with hyper mode [97]
 o tests: be explicit about using 'python3' instead of 'python' [67]
 o tests: enable test 1129 for hyper builds [87]
 o tests: make three tests pass until 2037 [22]
 o tool/tests: fix potential year 2038 issues [20]
 o tool_operate: Fix --fail-early with parallel transfers [62]
 o url: fix compiler warning in no-verbose builds [120]
 o urlapi.c:seturl: assert URL instead of using if-check [74]
 o vtls: fix typo in schannel_verify.c [44]
 o winbuild/README.md: clarify GEN_PDB option
 o wolfssl: clean up wolfcrypt error queue [79]
 o write-out.d: clarify size_download/upload [118]
 o x509asn1: fix heap over-read when parsing x509 certificates [37]
2021-09-15 06:26:00 +00:00
adam
7e5f2dfad2 py-httpcore: updated to 0.13.7
0.13.7
- Fix broken error messaging when URL scheme is missing, or a non HTTP(S) scheme is used.
2021-09-14 06:42:49 +00:00
nia
d231bec10d firefox-esr: point at firefox91 2021-09-14 06:28:57 +00:00
triaxx
0b0d82225e grafana: Update to 8.1.3
upstream changes:
-----------------
Bug fixes
  o Alerting: Fix alert flapping in the internal alertmanager. #38648, @gotjosh
  o Alerting: Fix request handler failed to convert dataframe "results" to
    plugins.DataTimeSeriesSlice: input frame is not recognized as a time
    series.  #38587, @idafurjes
  o Dashboard: Fix UIDs are not preserved when importing/creating dashboards
    thru importing .json file. #38659, @axelavargas
  o Dashboard: Forces panel re-render when exiting panel edit. #38913,
    @hugohaggmark
  o Dashboard: Prevent folder from changing when navigating to general
    settings. #38103, @hugohaggmark
  o Docker: Force use of libcrypto1.1 and libssl1.1 versions to fix
    CVE-2021-3711. #38585, @dsotirakis
  o Elasticsearch: Fix metric names for alert queries. #38546, @dsotirakis
  o Elasticsearch: Limit Histogram field parameter to numeric values. #38631,
    @Elfo404
  o Elasticsearch: Prevent pipeline aggregations to show up in terms order by
    options. #38448, @Elfo404
  o LibraryPanels: Prevent duplicate repeated panels from being created.
    #38804, @hugohaggmark
  o Loki: Fix ad-hoc filter in dashboard when used with parser. #38542,
    @ivanahuckova
  o Plugins: Track signed files + add warn log for plugin assets which are not
    signed. #38938, @wbrowne
  o Postgres/MySQL/MSSQL: Fix region annotations not displayed correctly.
    #38936, @marefr
  o Prometheus: Fix validate selector in metrics browser. #38921, @ivanahuckova
2021-09-13 06:35:35 +00:00
mef
1541579a05 (www/Makefile) correcto sorting 2021-09-11 11:48:04 +00:00
mef
713e68178e (www/R-mathjax) Added version 1.4.0 2021-09-11 11:32:56 +00:00
mef
56a9af8606 (www/R-mathjaxr) import R-mathjaxr-1.4.0
Provides 'MathJax' and macros to enable its use within Rd files for
rendering equations in the HTML help files.
2021-09-11 11:30:55 +00:00
mef
1970e35284 (www/R-httpuv) Updated 1.6.2 to 1.6.3
httpuv 1.6.3
============

* Increased required version of Rcpp to 1.0.7, to work around an
  incompatibility between Rcpp 1.0.6 and packages compiled with
  Rcpp 1.0.7.
2021-09-11 01:58:46 +00:00
mef
4b4b4a4954 (www/R-htmlwidget) Updated 1.5.3 to 1.5.4
htmlwidgets 1.5.4
-------------------------------------------------------

* Closed #320: `getDependency()` no longer includes an absolute src path in its return value. (#384)
* Fixed #408: An error type-check did not work correctly because it was missing parentheses. (#409)
2021-09-11 01:49:06 +00:00
nia
2971691f36 firefox78-l10n: sync with firefox78 2021-09-10 11:39:21 +00:00
nia
81851d9419 firefox78: update to 78.14.0
Fixes CVE-2021-38493
2021-09-10 11:37:53 +00:00
nia
e1d9ea8b2e firefox91-l10n: sync with firefox91 2021-09-09 11:33:21 +00:00
nia
20c1b6ea4c firefox91: add missing file 2021-09-09 11:14:31 +00:00
nia
ee95976fb7 firefox91: update to 91.1.0
This fixes CVE-2021-38495
2021-09-09 11:13:59 +00:00
wiz
9a37de3d7b R-RCurl: remove patches that were removed from distinfo during last update 2021-09-09 07:52:29 +00:00
nia
203ac399d3 Add Firefox 91ESR as a starting point for the branch. 2021-09-08 22:19:50 +00:00
jperkin
819231767c php-nextcloud: Incompatible with php56 due to php-sodium. 2021-09-06 19:51:29 +00:00
adam
661c42c561 py-django-cors-headers: updated to 3.8.0
3.8.0

Add type hints.
Stop distributing tests to reduce package size. Tests are not intended to be run outside of the tox setup in the repository. Repackagers can use GitHub's tarballs per tag.
2021-09-06 16:31:54 +00:00
ryoon
5bd09cd215 php-nextcloud: Update to 22.1.1
* Add security/php-sodium as dependency.

Changelog:
Changes

  * Manual backport of "No limit in the number of group shares" #27875 (server#
    27993)
  * Extend pending shares list in frontend to include remote shares (server#
    28209)
  * Allow to disable group membership change notification (server#28231)
  * Add h2 to personal info page, fixing accessibility issue (server#28252)
  * Add quota restrictions options (server#28256)
  * Bump marked from 2.0.6 to 2.0.7 (server#28271)
  * Fix CI failures when building settings app (server#28274)
  * Check that php was compiled with argon2 support or that the php-sodium
    extensions is installed (server#28288)
  * Allow upgrade from 22.1 (server#28304)
  * Bump dompurify from 2.2.8 to 2.2.9 (server#28340)
  * Bump @babel/preset-env from 7.14.8 to 7.14.9 (server#28341)
  * Bump vue-loader from 15.9.7 to 15.9.8 (server#28342)
  * Change the concurrent upload limit to less than 10 (server#28353)
  * Fix Folder->getById() when a single storage is mounted multiple times
    (server#28359)
  * Make "name" column nullable for workflows (server#28384)
  * Gracefully handle smb acls for users without a domain (server#28416)
  * Add missing files for Composer v2 (server#28441)
  * Improve auto expiration hint for trashbin and file versions (server#28446)
  * UnifiedSearchController: strip webroot from URL before finding a route
    (server#28454)
  * Only trap E_ERROR in session handling (server#28470)
  * Disable autofocus of primary Email (server#28479)
  * Emit an error log when the app token login name does not match (server#
    28489)
  * Hash cache key (server#28494)
  * Fix #20913: Check image resource before attempting to preserve alpha
    (server#28499)
  * Output exception in cron (server#28518)
  * Properly log errors in Movie previews generation (server#28522)
  * Fix folder size contained in S3 buckets (server#28534)
  * Set alias for result of cast column function (server#28536)
  * Do not load versions tab view if the files app is not available (server#
    28545)
  * Bump webdav from 4.6.0 to 4.6.1 (server#28553)
  * Fix UserController tests (server#28568)
  * Use case insensitive like when limiting search to jail (server#28573)
  * Log exception message during failed ownership transfer share restore
    (server#28576)
  * Use getGetUnjailedRoot to determine if jailed search needs the path filter
    (server#28583)
  * 22.1.1-rc2 (server#28590)
  * Fix setting up 2FA providers when 2FA is enforced and bc are generated
    (server#28596)
  * Fix activity design (activity#633)
  * Check if `$knownPath` is set before invoking `rtrim()` (circles#776)
  * Generate quick members' memberships during migration (circles#779)
  * Verify shareType in params (circles#782)
  * Details on non-visible (but open) circles (circles#787)
  * Fix definition on single circles (circles#788)
  * Emulate initiator on CircleJoin (circles#791)
  * Owner of NO_OWNER should not have memberships cached (circles#799)
  * Fix notification when invited to a circle (circles#800)
  * Exception on non visible circle (circles#805)
  * Force join_request on old secret circles (circles#806)
  * Fix hide download and printing (files_pdfviewer#460)
  * Fix body footer hiding (files_pdfviewer#463)
  * Disable download for pdf files (files_pdfviewer#469)
  * Fix download & print view (files_pdfviewer#473)
  * Fix share option being displayed erroneously (files_rightclick#119)
  * Give twofactor nextcloud notifications a high priority (notifications#1062)
  * Always show the dismiss all button (notifications#1065)
  * Fix maria db tests (notifications#1067)
  * High priority for the PhoneTrack app (notifications#1070)
  * Bump @babel/plugin-transform-modules-commonjs from 7.14.0 to 7.14.5 (text#
    1732)
  * Bump @babel/plugin-transform-classes from 7.14.5 to 7.14.9 (text#1813)
  * Bump vue-loader from 15.9.7 to 15.9.8 (text#1814)
  * Bump @babel/preset-env from 7.14.5 to 7.14.9 (text#1815)
2021-09-06 13:06:48 +00:00
jperkin
4ea32fa948 ap-auth-openidc: Requires libtool.
Fix submitted by goekesmi in NetBSD/pkgsrc#92.
2021-09-06 10:25:40 +00:00
wen
d1cffc11c8 Update to 3.2.7
Upstream changes:
Django 3.2.7 fixes a bug in 3.2.6.

Bugfixes
Fixed a regression in Django 3.2 that caused the incorrect offset extraction from fixed offset timezones (#32992).
2021-09-05 09:41:38 +00:00
wen
a33a502278 Update to 0.37
Upstream changes:
Changes for version 0.37 - 2021-05-05
Port Makefile.PL from Module::Install to Distar
Remove MooseX::Types dependency
2021-09-05 01:57:05 +00:00
wen
f28c765e2d Update to 0.13
Upstream changes:
0.13      2021-02-06 17:26:39-08:00 America/Vancouver
    - Internals; avoid allocating memory for each node as we tokenize the
      document, and simply use pointers back into original string.
      - Dramatically improves performance; local testing shows boost from
        ~25/s to ~85MB/s
    - Improve zero value minification further
    - Simplified whitespace compaction

0.12      2021-01-30 21:46:07-08:00 America/Vancouver
    - rewrote test suite into a single ".t" test
    - GH #1 / RT #97574; whitespace before a ":" in a pseudo-selector is
      meaningful and needs to be preserved (e.g. "#link :visited")
    - Further reductions of "zero values", when possible
      - "00000px" and "0.0px" become "0px"
      - "000%" and "0.0%" become "0%"
      - units are preserved inside of functions, but eliminated otherwise, and
        percentages are always left as a percentages
    - Optimized whitespace collapsing
    - Optimized memory usage and string copying

0.11      2020-12-30 21:27:39-08:00 America/Vancouver
    - POD spelling fixes
    - Switch to DZil Author Bundle

0.10      2020-12-28 11:00:17-08:00 America/Vancouver
    - RT #90879; correct minification of %s in "hsl()" and "hsla()" functions
      Thanks to Philipp Soehnlein
    - RT #103231; don't remove units on zero values inside of functions.
      Thanks to Isaac Montoya, for an additional test case.
    - No long drop units on zero percentages, as those may be required for CSS
      animations.  Thanks to Isaac Montoya for continuing to poke me on this.
    - Now prunes leading whitespace before "!important"
        e.g. "color: red !important" becomes "color:red!important"
    - Switch to Dist::Zilla
2021-09-05 01:48:42 +00:00
wen
43f2381485 Update to 1.26
Upstream changes:
Changes in 1.26: Added highlight (RT-3899) and Days_in_Month (RT-58547) methods.
2021-09-05 01:46:12 +00:00
wen
91e699b7c3 Update to 4.11
Upstream changes:
4.11  2021-02-22 08:52:44 CET
  - Fixing errors in documentation
2021-09-05 01:42:07 +00:00
wen
5b1e980a1a Update to 0.14
Upstream changes:
0.14      2021-02-06 23:36:36-08:00 America/Vancouver
    - rewrote test suite into a single ".t" test
    - optimized memory allocations, by allocating Nodes in bulk, and being
      smarter about when we need to free/reallocate content buffers in Nodes
    - optimize whitespace collapsing
    - GH#3 / RT#108682; fix whitespace reduction at end of preserved line
      comment.  Thanks to Dan Goodliffe
    - GH#6; fix unescaped slash in character set, inside of a regex, with thanks
      to @faf

0.13      2020-12-30 21:46:29-08:00 America/Vancouver
    - POD cleanups; spelling, SYNOPSIS
    - Switch to DZil Author Bundle

0.12      2020-12-28 08:31:31-08:00 America/Vancouver
    - Switch to GitHub Actions, from Travis-CI.
    - Add META links to GitHub repository and issue tracker
    - Switch to Dist::Zilla
    - Bump minimum required Perl to 5.8.1
    - RT #130347; handle ES6 template literals.
      Thanks to Robert Rothenberg.
2021-09-05 01:31:30 +00:00
wen
2f367613b8 Update to 2.16
Upstream changes:
@section v2_16 Changes with libapreq2-2.16 (released 17 March, 2021)

- Build [Steve Hay]
  Fix file attribute for modules listed as provided in META.yml.

@section v2_15 Changes with libapreq2-2.15 (released 17 November, 2020)

- SECURITY: CVE-2019-12412 (cve.mitre.org)
  C API [Max Kellermann]
  Fix a NULL pointer dereference when parsing malformed
  multipart data in apreq_parse_multipart().

- C API [Yann Ylavic]
  In apreq_brigade_concat(), fix memory handling and create
  the FILE bucket correctly.

- Build [Petr Pisar]
  Fix "make release" on Unix.

@section v2_14 Changes with libapreq2-2.14 (not released)

- Build [stevehay]
  Fix httpd-2.4.x build for Win32.

- Build [Richard M Kandarian]
  Fix debug build for Win32.

- C API [joes]
  Fix mod_apreq2's config merging.

- Perl glue
  Updated license info in META.yml
  Updated documentation for Apache2::Cookie
2021-09-05 01:26:19 +00:00
wen
315444758c Update to 0.000043
Upstream changes:
0.000043  2021-03-04 19:00:40Z
    - Ensure that a silent logger is actually silent (GH#21) (Olaf Alders)
2021-09-04 23:40:03 +00:00
wen
802a7778cb Update to 6.56
Upstream changes:
6.56      2021-08-17 13:57:12Z
    - Update the CONTRIBUTING doc to no longer reference TravisCI. (GH #384) (Slaven Rezić)
    - Increase test coverage for env_proxy() (GH#383) (Slaven Rezić)
    - When a truthy Content-Type is provided, override the default (GH#385)
      (Matthew Horsfall (alh))

6.55      2021-06-17 13:57:06Z
    - Attempt to avoid rare fails in redirect.t (GH#380) (Arne Johannessen)

6.54      2021-05-06 17:53:56Z
    - Be explicit in the prerequisite of HTTP::Status (GH#378) (Max Maischein)
    - Remove Authority section from dist.ini (GH#377) (Olaf Alders)
2021-09-04 23:28:27 +00:00
khorben
a35ae7643e py-flask-sendmail: fix sending messages
Bumps PKGREVISION.
2021-09-03 14:38:50 +00:00
gutteridge
c4d05f193d firefox: reflect current rust and cbindgen minimum requirements 2021-09-03 03:55:36 +00:00
nia
9eb32aa7f2 seamonkey: Fix configuring on NetBSD/i386 2021-09-02 11:54:00 +00:00
nia
82f398a9fd firefox[68,78]: Add workarounds for NetBSD/i386 2021-09-02 11:04:02 +00:00
wiz
d49e78975b www/Makefile: sort 2021-09-02 07:19:21 +00:00
mef
4d2765e1ea (www/R-gh) fix typo on package PATH 2021-08-31 10:39:28 +00:00
taca
a3f850c2fe www/ruby-html-proofer: update to 3.19.2
3.19.2 (2021-06-24)

* Fix for Hydra.
2021-08-30 16:04:17 +00:00
taca
80c2613be9 www/ruby-css-parser: update to 1.10.0
1.10.0 (2021-07-27)

* Allow CSS functions to be used in
  CssParser::RuleSet#expand_dimensions_shorthand! #126
2021-08-30 15:40:27 +00:00
taca
920767b025 www/ruby-rails-html-sanitizer: udpate to 1.4.2
1.4.0 (2021-08-18)

* Processing Instructions are no longer allowed by Rails::Html::PermitScrubber

  Previously, a PI with a name (or "target") matching an allowed tag name
  was not scrubbed. There are no known security issues associated with these
  PIs, but similar to comments it's preferred to omit these nodes when
  possible from sanitized output.

  Fixes #115.

  Mike Dalessio


1.4.1 (2021-08-18)

* Fix regression in v1.4.0 that did not pass comment nodes to the scrubber.

  Some scrubbers will want to override the default behavior and allow
  comments, but v1.4.0 only passed through elements to the scrubber's
  keep_node? method.

  This change once again allows the scrubber to make the decision on comment
  nodes, but still skips other non-elements like processing instructions
  (see #115).

  Mike Dalessio


1.4.2 (2021-08-23)

* Slightly improve performance.

  Assuming elements are more common than comments, make one less method call
  per node.
2021-08-30 15:38:02 +00:00
taca
bc3da27962 www/ruby-faraday: update to 1.7.1
1.4.3 (2021-06-24)

Fixes

* Silence warning (#1286, @gurgeous)
* Always dup url_prefix in Connection#build_exclusive_url (#1288, @alexeyds)


1.5.0 (2021-07-04)

Misc

* Use external httpclient adapter (#1289, @iMacTia)
* Use external patron adapter (#1290, @iMacTia)


1.5.1 (2021-07-11)

Fixes

* Fix JRuby incompatibility after moving out EM adapters (#1294, @ahorek)

Documentation

* Update YARD to follow RackBuilder (#1292, @kachick)


1.6.0 (2021-08-01)

Misc

* Use external Rack adapter (#1296, @iMacTia)


1.7.0 (2021-08-09)

Features

* Add strict_mode to Test::Stubs (#1298, @yykamei)


1.7.1 (2021-08-30)

Fixes

* Respect the params_encoder in Faraday::Adapter::Test (#1316, @yykamei)

Deprecations

* Deprecate Authorization helpers in Faraday::Connection (#1306, @iMacTia)
2021-08-30 15:34:09 +00:00
taca
26c6aa6149 www/ruby-faraday-net_http_persistent: update to 1.2.0
1.2.0 (2021-07-12)

Features

* Adding support for streamed responses (#6, @MikeRogers0)

Documentation

* README: Fix a broken link (#4, @olleolleolle)
* README: Fix a Markdown link (f7408a8, @olleolleolle)
2021-08-30 15:29:19 +00:00