Django 2.2.3
Fix CVE-2019-12781: Incorrect HTTP detection with reverse-proxy connecting via HTTPS
Fixed a regression in Django 2.2 where Avg, StdDev, and Variance crash with filter argument
Fixed a regression in Django 2.2.2 where auto-reloader crashes with AttributeError, e.g. when using ipdb
Cohttp is an OCaml library for creating HTTP daemons. It has a portable
HTTP parser, and implementations using various asynchronous programming
libraries. It's needed as a dependency for some ocaml-git options.
It's unmaintained by upstream for most of this decade (even then, this
is an old version), and broken in bulk builds since at least last year.
Discussed on pkgsrc-users@.
Upstream changelog:
MediaWiki 1.32.2
This is a security and maintenance release of the MediaWiki 1.32 branch.
Changes since MediaWiki 1.32.1
(T204423) Backport support for hyphenated DB names in JobQueueGroup.
(T216968) Return pageid as int in both list=iwbacklinks and list=langbacklinks.
(T215169) Fix for Database::update() with IGNORE option fails on PostgreSQL.
(T199474) Fix typo in rebuildrecentchanges.php resulting in rogue flags.
(T218608) SECURITY: Fix an issue that prevents Extension:OAuth working when $wgBlockDisablesLogin is true.
(T216029) Chrome redirects to Special:BadTitle after editing a section with a non-Latin name on a page with non-Latin characters in title.
Unbreak language related maintenance scripts that use StaticArrayWriter.
(T219728) Added support for new Japanese era name "Reiwa".
(T25227) SECURITY: action=logout now requires to be posted and have a csrf token.
Updated cssjanus/cssjanus from 1.2.0 to 1.3.0.
(T221045) Remove orphaned code from ConfigRepository.
(T222385) resourceloader: Use AND instead of OR for upsert conds in saveFileDependencies().
(T224374) Fix message parameters so that the message that says SQLite is out of date makes sense.
(T200471) Prevent LBFactorySimple breaking ExternalStorage, when trying to connect to external server with local database name.
(T197279) SECURITY: Fix reauth in Special:ChangeEmail.
(T208881) SECURITY: blacklist CSS var().
(T209794) SECURITY: rate-limit and prevent blocked users from changing email.
(T199540) SECURITY: API: Respect $wgBlockCIDRLimit in action=block.
(T212118) SECURITY: Fix cache mode for (un)patrolled recent changes query.
(T222036, T222038) SECURITY: Add permission check for user is permitted to view the log type.
(T221739) SECURITY: resources: Patch jQuery 3.3.1 for CVE-2019-11358.
stagit generates HTML pages for a Git repository, and supports the following
features:
- Log of all commits from HEAD.
- Log and diffstat per commit.
- Show file tree with linkable line numbers.
- Show references: local branches and tags.
- Detect README and LICENSE file from HEAD and link it as a webpage.
- Detect submodules (.gitmodules file) from HEAD and link it as a webpage.
- Atom feed log (atom.xml).
- Make index page for multiple repositories with stagit-index.
- After generating the pages (relatively slow) serving the files is very fast,
simple and requires little resources (because the content is static), only
a HTTP file server is required.
- Usable with text-browsers such as dillo, links, lynx and w3m.
OK kamil@, leot@
Bugfixes
Always set userID on LFS authentication (#7224) (Part of #6993)
Fix LFS Locks over SSH (#6999) (#7223)
Fix duplicated file on pull request conflicted files (#7211) (#7214)
Detect noreply email address as user (#7133) (#7195)
Don't get milestone from DB if ID is zero (#7169) (#7174)
Allow archived repos to be (un)starred and (un)watched (#7163) (#7168)
Fix GCArgs load from ini (#7156) (#7157)
Fix possbile mysql invalid connnection error (#7051) (#7071)
Handle invalid administrator username on install page (#7060) (#7063)
Fix default for allowing new organization creation for new users (#7017) (#7034)
SearchRepositoryByName improvements and unification (#6897) (#7002)
Fix u2f registrationlist ToRegistrations() method (#6980) (#6982)
Allow collaborators to view repo owned by private org (#6965) (#6968)
Use AppURL for Oauth user link (#6894) (#6925)
Escape the commit message on issues update (#6901) (#6902)
Fix regression for API users search (#6882) (#6885)
Handle early git version's lack of get-url (#7065) (#7076)
Fix wrong init dependency on markup extensions (#7038) (#7074)
2.1.9
Changes:
- Fix: show_urls, fix for traceback on multi language sites
- Improvement: reset_db, fix typo's in help test
2.1.8
Changes:
- New: HexValidator, validate hex strings
- Improvement: reset_db, move settings to `django_settings.settings` which makes it easier to override.
- Improvement: AutoSlugField, extend support for custom slugify function
- Fix: runprofileserver, fix autoreloader for newer Django versions
Flask-JWT-Extended not only adds support for using JSON Web Tokens (JWT) to
Flask for protecting views, but also many helpful (and optional) features built
in to make working with JSON Web Tokens easier. These include:
* Support for adding custom claims to JSON Web Tokens
* Custom claims validation on received tokens
* Creating tokens from complex objects or complex object from received tokens
* Refresh tokens
* Token freshness and separate view decorators to only allow fresh tokens
* Token revoking/blacklisting
* Storing tokens in cookies and CSRF protection
Flask API is a drop-in replacement for Flask that provides an implementation of
browsable APIs similar to what Django REST framework provides. It gives you
properly content negotiated-responses and smart request parsing.
3.6.1:
travis: add gcc-8 to CI
[build] enable concurrent compilation
Remove the link to ast_factory.hpp from Visual C++ project files
[build] add support of Visual Studio 2017 and 2019 to the Visual C++ project file
Makefile: Fix STATIC_LIBSTDCPP support
Remove abspath from native Makefile
Read files using for better portability
Add comparison operators for SharedImpl, fix bugs
VS2013 noexcept workaround
5.5.0:
New Features
- IPyWidget Support
- A new ClearMetadata Preprocessor is available
- Support for pandoc 2
- New, and better, latex template
Fixing Problems
- Refactored execute preprocessor to have a process_message function
- Fixed OOM kernel failures hanging
- Fixed latex export for svg data in python 3
- Enabled configuration to be shared to exporters from script exporter
- Make latex errors less verbose
- Typo in template syntax
- Improved attachments +fix supporting non-unique names
- PDFExporter "output_mimetype" traitlet is not longer 'text/latex'
- FIX: respect wait for clear_output
- address deprecation warning in cgi.escape
- Correct inaccurate description of available LaTeX template
- Fixed kernel death detection for executions with timeouts
- Fixed export names for various templates
Deprecations
- Dropped support for python 3.4
- Removed deprecated export_by_name
Testing, Docs, and Builds
- Added tests for each branch in execute's run_cell method
- Mention formats in --to options more clearly
- Adds ascii output type to command line docs page, mention image folder output
- Simplify setup.py
- Use utf-8 encoding in execute_api example
- Upgrade pytest on Travis
- Fix LaTeX base template name in docs
- Updated release instructions based on 5.4 release walk-through
- Fixed broken link to jinja docs
This replaces the OSS backend with something that passes the unit tests,
supports additional channels, and supports recording. It will be included
with future versions of Firefox.
Tested with:
* YouTube audio-video sync test
* about:support device detection
* WebRTC microphone recording (using an USB microphone)
Note: you can select an audio backend using the about:config variable
media.cubeb.backend. This can be set to options such as sun/pulse/oss.
Let me know if you still need to use the oss backend. It's very
incomplete, buggy, and FreeBSD has already removed it - ideally we
should eventually.
Bump PKGREVISION.
This replaces the OSS backend with something that passes the unit tests,
supports additional channels, and supports recording. It will be included
with future versions of Firefox.
Tested with:
* YouTube audio-video sync test
* about:support device detection
* WebRTC microphone recording (using an USB microphone)
While here, fix WebRTC builds.
Note: you can select an audio backend using the about:config variable
media.cubeb.backend. This can be set to options such as sun/pulse/oss.
Let me know if you still need to use the oss backend. It's very
incomplete, buggy, and FreeBSD has already removed it - ideally we
should eventually.
Bump PKGREVISION.
cubeb_sun replaces cubeb_oss, adding support for additional channels
on NetBSD, passing tests, and recording support (more useful on firefox
where WebRTC works)
upstream's official builds use gtk3 over gtk2 and doing so enables
support for hidpi displays.
me and several others have been using this for the past ~week, see
https://github.com/kinetiknz/cubeb/pull/510
bump PKGREVISION.
v1.39.1:
nghttpx
This release fixes the bug that log-level is not set with cmd-line or configuration file. It also fixes FPE with default backend.
v1.39.0:
lib
libnghttp2 now ignores content-length in 200 response to CONNECT request as per RFC 7230.
third-party
mruby has been upgraded to 2.0.1.
asio
libnghttp2-asio now supports boost-1.70.
src
http-parser has been replaced with llhttp.
nghttpx
nghttpx now ignores Content-Length and Transfer-Encoding in 1xx or 200 to CONNECT.
This release fixes the bug that the log level does not change to the default value on configuration reload if log-level option is missing in new configuration.