Commit graph

18798 commits

Author SHA1 Message Date
wen
c0c17119b3 Update to 16.0.0
Upstream changes:
Nextcloud 16 is smarter than ever, with machine learning to detect suspicious
logins and offering clever recommendations. Group Folders now sport access control
lists so system administrators can easily manage who has access to what in
organization-wide shares. We also introduce Projects, a way to easily relate
and find related information like files, chats or tasks.

As this is a major release, the changelog is very long.
Please visit: https://nextcloud.com/changelog/
2019-04-27 02:18:42 +00:00
maya
7820bc7a2f fix some whitespace, mostly introduced in the previous
python 3.4 / 3.5 removal commit.
2019-04-26 14:12:31 +00:00
maya
5901ac0824 Omit mentions of python 34 and 35, after those were removed.
- Includes some whitespace changes, to be handled in a separate commit.
2019-04-26 13:13:41 +00:00
markd
2202265d30 kde: update KDE Frameworks to 5.57.0 2019-04-25 21:10:45 +00:00
adam
223ca9adc1 py-notebook: updated to 5.7.8
5.7.8
- Fix regression in restarting kernels in 5.7.5.
  The restart handler would return before restart was completed.
- Further improve compatibility with tornado 6 with improved
  checks for when websockets are closed.
- Fix regression in 5.7.6 on Windows where .js files could have the wrong mime-type.
- Fix Open Redirect vulnerability (CVE-2019-10255)
  where certain malicious URLs could redirect from the Jupyter login page
  to a malicious site after a successful login.
  5.7.7 contained only a partial fix for this issue.
2019-04-25 13:19:48 +00:00
maya
f34a8c24a3 PKGREVISION bump for anything using python without a PYPKGPREFIX.
This is a semi-manual PKGREVISION bump.
2019-04-25 07:32:34 +00:00
adam
69ce0933eb py-pylint-django: updated to 2.0.8
Version 2.0.8:
- Support recursive (self) ForeignKey relations.

Version 2.0.7:
- Fixed AstroidImportError for DecimalField.
- Add load_configuration() in pylint_django/__init__.py.
- Support ForeignKey relations with to keyword.
2019-04-25 05:14:13 +00:00
adam
bf367255bc py-urllib3: updated to 1.25.1
1.25.1:
* Add support for Google's Brotli package.
* Upgrade bundled rfc3986 to v1.3.1
2019-04-25 04:58:01 +00:00
adam
c02e888cbe py-werkzeug: updated to 0.15.2
Version 0.15.2
-   Rule code generation uses a filename that coverage will ignore.
    The previous value, "generated", was causing coverage to fail.

-   The test client removes the cookie header if there are no persisted
    cookies. This fixes an issue introduced in 0.15.0 where the cookies
    from the original request were used for redirects, causing functions
    such as logout to fail.
-   The test client copies the environ before passing it to the app, to
    prevent in-place modifications from affecting redirect requests.

-   The "werkzeug" logger only adds a handler if there is no handler
    configured for its level in the logging chain. This avoids double
    logging if other code configures logging first.

Version 0.15.1
-   :class:~exceptions.Unauthorized takes description as the first
    argument, restoring previous behavior. The new www_authenticate
    argument is listed second.

Version 0.15.0
-   Building URLs is ~7x faster. Each :class:~routing.Rule compiles
    an optimized function for building itself.
-   :meth:MapAdapter.build() <routing.MapAdapter.build> can be passed
    a :class:~datastructures.MultiDict to represent multiple values
    for a key. It already did this when passing a dict with a list
    value.
-   path_info defaults to '/' for
    :meth:Map.bind() <routing.Map.bind>.
    :pr:1316)
-   Change RequestRedirect code from 301 to 308, preserving the verb
    and request body (form data) during redirect.
-   int and float converters in URL rules will handle negative
    values if passed the signed=True parameter. For example,
    /jump/<int(signed=True):count>.
-   Location autocorrection in :func:Response.get_wsgi_headers()
    <wrappers.BaseResponse.get_wsgi_headers> is relative to the current
    path rather than the root path.
    :pr:1315)
-   412 responses once again include entity headers and an error message
    in the body. They were originally omitted when implementing
    If-Match

-   The Content-Length header is removed for 1xx and 204 responses. This
    fixes a previous change where no body would be sent, but the header
    would still be present. The new behavior matches RFC 7230.

-   :class:~exceptions.Unauthorized takes a www_authenticate
    parameter to set the WWW-Authenticate header for the response,
    which is technically required for a valid 401 response.

-   Add support for status code 424 :exc:~exceptions.FailedDependency.

-   :func:http.parse_cookie ignores empty segments rather than
    producing a cookie with no key or value.
-   :func:~http.parse_authorization_header (and
    :class:~datastructures.Authorization,
    :attr:~wrappers.Request.authorization) treats the authorization
    header as UTF-8. On Python 2, basic auth username and password are
    unicode.
-   :func:~http.parse_options_header understands :rfc:2231 parameter
    continuations.
-   :func:~urls.uri_to_iri does not unquote ASCII characters in the
    unreserved class, such as space, and leaves invalid bytes quoted
    when decoding. :func:~urls.iri_to_uri does not quote reserved
    characters. See :rfc:3987 for these character classes.

-   get_content_type appends a charset for any mimetype that ends
    with +xml, not just those that start with application/.
    Known text types such as application/javascript are also given
    charsets.
-   Clean up werkzeug.security module, remove outdated hashlib
    support.
-   In :func:~security.generate_password_hash, PBKDF2 uses 150000
    iterations by default, increased from 50000.
-   :class:~wsgi.ClosingIterator calls close on the wrapped
    *iterable*, not the internal iterator. This doesn't affect objects
    where __iter__ returned self. For other objects, the method
    was not called before.
-   Bytes may be used as keys in :class:~datastructures.Headers, they
    will be decoded as Latin-1 like values are.
-   :class:~datastructures.Range validates that list of range tuples
    passed to it would produce a valid Range header.
-   :class:~datastructures.FileStorage looks up attributes on
    stream._file if they don't exist on stream, working around
    an issue where :func:tempfile.SpooledTemporaryFile didn't
    implement all of :class:io.IOBase. See
    https://github.com/python/cpython/pull/3249.
-   :class:CombinedMultiDict.copy() <datastructures.CombinedMultiDict>
    returns a shallow mutable copy as a
    :class:~datastructures.MultiDict. The copy no longer reflects
    changes to the combined dicts, but is more generally useful.

-   The version of jQuery used by the debugger is updated to 3.3.1.

-   The debugger correctly renders long markupsafe.Markup instances.

-   The debugger can serve resources when Werkzeug is installed as a
    zip file. DebuggedApplication.get_resource uses
    pkgutil.get_data.
-   The debugger and server log support Python 3's chained exceptions.

-   The interactive debugger highlights frames that come from user code
    to make them easy to pick out in a long stack trace. Note that if an
    env was created with virtualenv instead of venv, the debugger may
    incorrectly classify some frames.
-   Clicking the error message at the top of the interactive debugger
    will jump down to the bottom of the traceback.
-   When generating a PIN, the debugger will ignore a KeyError
    raised when the current UID doesn't have an associated username,
    which can happen in Docker.
-   :class:~exceptions.BadRequestKeyError adds the KeyError
    message to the description, making it clearer what caused the 400
    error. Frameworks like Flask can omit this information in production
    by setting e.args = ().
-   If a nested ImportError occurs from :func:~utils.import_string
    the traceback mentions the nested import. Removes an untested code
    path for handling "modules not yet set up by the parent."

-   Triggering a reload while using a tool such as PDB no longer hides
    input.
-   The reloader will not prepend the Python executable to the command
    line if the Python file is marked executable. This allows the
    reloader to work on NixOS.
-   Fix an issue where sys.path would change between reloads when
    running with python -m app. The reloader can detect that a
    module was run with "-m" and reconstructs that instead of the file
    path in sys.argv when reloading.
-   The dev server can bind to a Unix socket by passing a hostname like
    unix://app.socket.
-   Server uses IPPROTO_TCP constant instead of SOL_TCP for
    Jython compatibility.
-   When using an adhoc SSL cert with :func:~serving.run_simple, the
    cert is shown as self-signed rather than signed by an invalid
    authority.
-   The development server logs the unquoted IRI rather than the raw
    request line, to make it easier to work with Unicode in request
    paths during development.
-   The development server recognizes ConnectionError on Python 3 to
    silence client disconnects, and does not silence other OSErrors
    that may have been raised inside the application.
-   The environ keys REQUEST_URI and RAW_URI contain the raw
    path before it was percent-decoded. This is non-standard, but many
    WSGI servers add them. Middleware could replace PATH_INFO with
    this to route based on the raw value.
-   :class:~test.EnvironBuilder doesn't set CONTENT_TYPE or
    CONTENT_LENGTH in the environ if they aren't set. Previously
    these used default values if they weren't set. Now it's possible to
    distinguish between empty and unset values.
-   The test client raises a ValueError if a query string argument
    would overwrite a query string in the path.
-   :class:test.EnvironBuilder and :class:test.Client take a
    json argument instead of manually passing data and
    content_type. This is serialized using the
    :meth:test.EnvironBuilder.json_dumps method.
-   :class:test.Client redirect handling is rewritten.

    -   The redirect environ is copied from the initial request environ.
    -   Script root and path are correctly distinguished when
        redirecting to a path under the root.
    -   The HEAD method is not changed to GET.
    -   307 and 308 codes preserve the method and body. All others
        ignore the body and related headers.
    -   Headers are passed to the new request for all codes, following
        what browsers do.
    -   :class:test.EnvironBuilder sets the content type and length
        headers in addition to the WSGI keys when detecting them from
        the data.
    -   Intermediate response bodies are iterated over even when
        buffered=False to ensure iterator middleware can run cleanup
        code safely. Only the last response is not buffered.

-   :class:~test.EnvironBuilder, :class:~datastructures.FileStorage,
    and :func:wsgi.get_input_stream no longer share a global
    _empty_stream instance. This improves test isolation by
    preventing cases where closing the stream in one request would
    affect other usages.
-   The default :attr:SecureCookie.serialization_method
    <contrib.securecookie.SecureCookie.serialization_method> will
    change from :mod:pickle to :mod:json in 1.0. To upgrade existing
    tokens, override :meth:~contrib.securecookie.SecureCookie.unquote
    to try pickle if json fails.
-   CGIRootFix no longer modifies PATH_INFO for very old
    versions of Lighttpd. LighttpdCGIRootFix was renamed to
    CGIRootFix in 0.9. Both are deprecated and will be removed in
    version 1.0.
-   :class:werkzeug.wrappers.json.JSONMixin has been replaced with
    Flask's implementation. Check the docs for the full API.

-   The :doc:contrib modules </contrib/index> are deprecated and will
    either be moved into werkzeug core or removed completely in
    version 1.0. Some modules that already issued deprecation warnings
    have been removed. Be sure to run or test your code with
    python -W default::DeprecationWarning to catch any deprecated
    code you're using.

    -   LintMiddleware has moved to :mod:werkzeug.middleware.lint.
    -   ProfilerMiddleware has moved to
        :mod:werkzeug.middleware.profiler.
    -   ProxyFix has moved to :mod:werkzeug.middleware.proxy_fix.
    -   JSONRequestMixin has moved to :mod:werkzeug.wrappers.json.
    -   cache has been extracted into a separate project,
        cachelib <https://github.com/pallets/cachelib>_. The version
        in Werkzeug is deprecated.
    -   securecookie and sessions have been extracted into a
        separate project,
        secure-cookie <https://github.com/pallets/secure-cookie>_. The
        version in Werkzeug is deprecated.
    -   Everything in fixers, except ProxyFix, is deprecated.
    -   Everything in wrappers, except JSONMixin, is deprecated.
    -   atom is deprecated. This did not fit in with the rest of
        Werkzeug, and is better served by a dedicated library in the
        community.
    -   jsrouting is removed. Set URLs when rendering templates
        or JSON responses instead.
    -   limiter is removed. Its specific use is handled by Werkzeug
        directly, but stream limiting is better handled by the WSGI
        server in general.
    -   testtools is removed. It did not offer significant benefit
        over the default test client.
    -   iterio is deprecated.

-   :func:wsgi.get_host no longer looks at X-Forwarded-For. Use
    :class:~middleware.proxy_fix.ProxyFix to handle that.

-   :class:~middleware.proxy_fix.ProxyFix is refactored to support
    more headers, multiple values, and more secure configuration.

    -   Each header supports multiple values. The trusted number of
        proxies is configured separately for each header. The
        num_proxies argument is deprecated.
    -   Sets SERVER_NAME and SERVER_PORT based on
        X-Forwarded-Host.
    -   Sets SERVER_PORT and modifies HTTP_HOST based on
        X-Forwarded-Port.
    -   Sets SCRIPT_NAME based on X-Forwarded-Prefix.

    -   The original WSGI environment values are stored in the
        werkzeug.proxy_fix.orig key, a dict. The individual keys
        werkzeug.proxy_fix.orig_remote_addr,
        werkzeug.proxy_fix.orig_wsgi_url_scheme, and
        werkzeug.proxy_fix.orig_http_host are deprecated.

-   Middleware from werkzeug.wsgi has moved to separate modules
    under werkzeug.middleware, along with the middleware moved from
    werkzeug.contrib. The old werkzeug.wsgi imports are
    deprecated and will be removed in version 1.0.

    -   werkzeug.wsgi.DispatcherMiddleware has moved to
        :class:werkzeug.middleware.dispatcher.DispatcherMiddleware.
    -   werkzeug.wsgi.ProxyMiddleware as moved to
        :class:werkzeug.middleware.http_proxy.ProxyMiddleware.
    -   werkzeug.wsgi.SharedDataMiddleware has moved to
        :class:werkzeug.middleware.shared_data.SharedDataMiddleware.

-   :class:~middleware.http_proxy.ProxyMiddleware proxies the query
    string.
-   The filenames generated by
    :class:~middleware.profiler.ProfilerMiddleware can be customized.

-   The werkzeug.wrappers module has been converted to a package,
    and its various classes have been organized into separate modules.
    Any previously documented classes, understood to be the existing
    public API, are still importable from werkzeug.wrappers, or may
    be imported from their specific modules.
2019-04-24 16:05:43 +00:00
leot
9f4354e3a1 netsurf: Add dependency to libiconv
Pointed out via PR pkg/54137 by Jonathan Schleifer (used by
libparserutils and netsurf).

Bump PKGREVISION
2019-04-23 23:30:49 +00:00
adam
1a0205c4bd py-urllib3: updated to 1.25
1.25:
* Require and validate certificates by default when using HTTPS.
* Upgraded urllib3.utils.parse_url() to be RFC 3986 compliant.
* Added support for key_password for HTTPSConnectionPool to use
  encrypted key_file without creating your own SSLContext object.
* Add TLSv1.3 support to CPython, pyOpenSSL, and SecureTransport SSLContext
  implementations.
* Switched the default multipart header encoder from RFC 2231 to HTML 5 working draft.
* Fixed issue where OpenSSL would block if an encrypted client private key was
  given and no password was given. Instead an SSLError is raised.
* Added support for Brotli content encoding. It is enabled automatically if
  brotlipy package is installed which can be requested with
  urllib3[brotli] extra.
* Drop ciphers using DSS key exchange from default TLS cipher suites.
  Improve default ciphers when using SecureTransport.
* Implemented a more efficient HTTPResponse.__iter__() method.
2019-04-23 09:51:33 +00:00
nia
1f1bcbae82 gitea: Update to 1.8.0
Changes from 1.7.5:

    SECURITY
        Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6594)
        Resolve 2FA bypass on API (#6676) (#6674)
        Prevent the creation of empty sessions for non-logged in users (#6690) (#6677)
    BREAKING
        Add "ghost" and "notifications" to list of reserved user names. (#6208)
        Change sqlite DB path default to data directory (#6198)
        Adds MustChangePassword to user create/edit API (#6193)
        Disable redirect for i18n (#5910)
        Releases API paging (#5831)
        Allow Macaron to be set to log through to gitea.log (#5667)
        Don't close issues via commits on non-default branch (#5622)
    FEATURE
        Add regenerate secret feature for oauth2 (#6291)
        Expose issue stopwatch toggling via API (#5970)
        Add other session providers (#5963)
        Pull request conflict files detection (#5951)
        Integrate OAuth2 Provider (#5378)
        Implement "conversation lock" for issue comments (#5073)
        Feature: Archive repos (#5009)
        Discord Oauth2 support (#4476)
        Allow to set organization visibility (public, internal, private) (#1763)
        Added URL mapping for Release attachments like on github.com (#1707)
    ENHANCEMENT
        Add support for client basic auth for exchanging access tokens (#6293)
        Add ability to sort issues by due date (#6206) (#6244)
        Style tweaks to issue selection (#6196)
        Increase Username and Orgname MaxSize 35 -> 40 (#6178)
        Coverage profile with multiple packages (#6167)
        Split setting.go to multiple files (#6154)
        Allow labels to contain emoji (#6063)
        Disable git fsck for mirrored repos by default (#6018)
        Add default time out for git operations (#6015)
        Split setting.go as multiple files (#6014)
        Make dashboard navbar and footer full-width (#6013)
        Add lang specific font stacks for CJK (#6007)
        Fix header menu misalignment (#6002)
        Enhance closed PR and Issue status in the list (#6000)
        Make navbar full width (#5998)
        Add option to close issues via commit on a non master branch (#5992)
        Support n as a line highlight prefix (#5987)
        Search for org repos (#3031) (#5986)
        Minor UI tweaks (#5980)
        Use native golang SSH library but ssh-keygen when enable built-in SSH server to remove dependent on that command lines (#5976)
        Dashboard tweaks (#5974)
        Fixes for repo topic editor (#5971)
        Display the branch name in the commit view (#5950)
        handle milestone events for issues and PR (#5947)
        Add label names as filter in issue search api (#5946)
        Repo header tweaks (#5945)
        Better support for long repo names (#5932)
        Fix wrapping long code lines (#5927)
        Change GPG Validation colors and remove inline CSS (#5404) (#5896)
        Fix "pulls.blocked_by_approvals" text (#5879)
        Rename reject to 'request changes' (#5858)
        Move input fields to add members to a team and repos to a team (#5853)
        Config option to disable automatic repo watching (#5852)
        New Issue ?body= query (#5851)
        Add API to list tags (#5850)
        Pagination for git tree API (#5838)
        Add InternalTokenURI to load InternalToken from an external file (#5812)
        Allow markdown files to read from the LFS (#5787)
        Add the ability to use multiple labels as filters (#5786)
        Adjust log settings when a user is not found. (#5771)
        Log IP of failed ssh connection (#5766)
        Moved defaults in defaults.go to setting.go (#5764)
        Make DB connect more robust (#5738)
        Add Default Pull Request Title (#5735)
        Refactor repo.isBare to repo.isEmpty #5629 (#5714)
        Add flag to skip repository dumping (#5695)
        Prioritize "readme.md" (#5691)
        Improve "Fork button" for guests by showing a pop up asking them to log in before forking (#5690)
        Allow for user specific themes (#5668)
        Display branch name in delete branch confirmation modal. (#5654)
        New API routes added (#5594)
        Refactor notification for indexer (#5111)
        Refactor mail notification (#5110)
        Show email if the authenticated user owns the profile page being requested for (#4981)
        Optimize pulls merging (#4921)
        Sort Repositories widget by most recently updated (#3963) (#4599)
        Allow markdown table to scroll (#4401)
        Automatically clear stopwatch on merging a PR (#4327)
        Add the Owner Name to differentiate when merging (#3807)
        Add title attributes to all items in the repo list viewer (#6258) (#6650)
    BUGFIXES
        Fix dropdown icon padding (#6651) (#6654)
        Fix wrong GPG expire date (#6643) (#6644)
        Fix forking an empty repository (#6637) (#6653)
        Remove call to EscapePound .Link as it is already escaped (#6656) (#6666)
        Properly escape on the redirect from the web editor (#6657) (#6667)
        Allow resend of confirmation email when logged in (#6482) (#6486)
        Fix mail notification when close/reopen issue (#6581) (#6588)
        Change API commit summary to full message (#6591) (#6592)
        Add option to disable refresh token invalidation (#6584) (#6587)
        Fix bug user search API pagesize didn't obey ExplorePagingNum (#6579) (#6586)
        Fix new repo alignment (#6583) (#6585)
        Prevent server 500 on compare branches with no common history (#6555) (#6558)
        Properly escape release attachment URL (#6512) (#6523)
        Hacky fix for alignment of the create-organization dialog (#6455) (#6462)
        Disable benchmarking during tag events on DroneIO (#6365) (#6366)
        Make sure units of a team are returned (#6379) (#6381)
        Don't Unescape redirect_to cookie value (#6399) (#6401)
        Fix dump table name error and add some test for dump database (#6394) (#6402)
        Fix migration v82 to ignore unsynced tags between database and git data; Add missing is_archived column on repository table (#6387) (#6403)
        Display correct error for invalid mirror interval (#6414) (#6429)
        Clean up ref name rules (#6437) (#6439)
        Fix Hook & HookList in Swagger (#6432) (#6440)
        Change order that PostProcess Processors are run (#6445) (#6447)
        Clean up various use of escape/unescape functions for URL generation (#6334)
        Return 409 when creating repo if it already exists. (#6330)
        Add same changes from issues page to milestone->issues page (#6328)
        Fix ParsePatch function to work with quoted diff --git strings (#6323)
        Fix reported issue in repo description (#6306)
        Use url.PathEscape to escape the branchname (#6304)
        Add robots.txt as reserved username (#6272)
        Replace linkRegex with xurls library (#6261)
        Remove visitLinksForShortLinks features (#6257)
        Add unit types to repo action URL to correctly show 404 when archived (#6247)
        Check organization visibility before everything else (#6234) (#6235)
        Prevent double-close of issues (#6233)
        Override xorm type mapping for U2F counter (#6232)
        Add isAdmin to user API response (#6231)
        Update git vendor to fix wrong release commit id and add migrations (#6224)
        Fix fork button (#6223)
        Fix renames over redirects (#6216)
        Fix display dashboard even if require to change password (#6214)
        Create a repo redirect when transferring ownership (#6210) (#6211)
        Fix issue update race condition (#6194)
        Fix bug when migrate repository 500 when repo is existed (#6188)
        Fix scrollbar always present on page body (#6177)
        Fix bug when set indexer as db and add tests (#6173)
        Modify linkRegex to require http|https (#6171)
        Fix bug user could change private repository to public when force private enabled. (#6156)
        Fix admin list user/org API (#6143)
        Make repo creation for API similar to UI (#6142)
        Make document body a flexbox (#6139)
        Refactor issue indexer, add some testing and fix a bug (#6131)
        Load Issue attributes for API call (#6122)
        Fix bug when update owner team then visit team's repo return 404 (#6119)
        Fix heatmap and repository menu display in Internet Explorer 9+ (#6117)
        Show private organization for admin, fix #6111 (#6112)
        Fix prohibit login check on authorization (#6106)
        Move to ldap.v3 to fix #5928 (#6105)
        Remove use MakeAssigneeList in webhooks to fix deadlock (#6102)
        Allow display of LFS stored Readme.md on directory page (#6073) (#6099)
        Make sure labels are actually returned (#6053)
        Fix panic: template: repo/issue/list:210: unexpected "=" in operand (#6041)
        After deleting a repo on admin panel, UI should remember the last sort type (#6033)
        Default create repository on organisation on its dashboard (#6026)
        Swagger: Remove spaces in MergePullRequestOption enum (#6016)
        Fix metrics auth token detection (#6006)
        Fix repo header issues (#5995)
        Fix bug when deleting a linked account will removed all (#5989)
        Make organization dropdown scrollable when using mouse wheel (#5988)
        Fix empty ssh key importing in ldap (#5984)
        Admin config page mailertype setting option update (#5973)
        Fix redirect loop during forced password change (#5965)
        Show user who created the repository instead of the organisation in action feed (#5948)
        Remove all CommitStatus when a repo is deleted (#5940)
        Fix ssh deploy and user key constraints (#1357) (#5939)
        Fix log output (#5938)
        Set PusherName and PusherID to owner on deploy key to fix pushing with deploy keys (#5935)
        Fix compare button (#5929)
        Fix bug when read public repo lfs file (#5912)
        Only allow local login if password is non-empty (#5906)
        Recover panic in orgmode.Render if bad orgfile (#4982) (#5903)
        Provide better panic handling (#5902)
        Respect value of REQUIRE_SIGNIN_VIEW (#5901)
        Show a 404 not a 500 if a repo does not exist (#5900)
        Ensure repo is loaded in mailer (Completely fix #5891) (#5895)
        Ensure issue.Poster is loaded in mailIssueCommentToParticipants (#5891)
        Correct footer height if screen-width is to small (fixes #5878) (#5889)
        In gitea serv switch off console logger to fix #5866 (#5887)
        Don't allow pull requests to be created on an archived repository (#5883)
        Support reviews on a deleted file path (#5880)
        Fix compare button on upstream repo leading to 404 (#5877)
        Fix null pointer on not logged in attempt to Sudo (#5872)
        Fix new release creation API to allow empty target (#5870)
        Fix an error while adding a dependency via UI. (#5862)
        Fix failing migration v67 (#5849)
        Fix delete correct temp directory (#5839)
        Make sure .git/info is created before generating .git/info/sparse-che… (#5825)
        Fix topics saving internal error and disable for archived repos (#5821)
        Fix TLS errors when using acme/autocert for local connections (#5820)
        When creating new repository fsck option should be enabled (#5817)
        Request for public keys only if LDAP attribute is set (#5816)
        Fix serving of raw wiki files other than .md (#5814)
        Fix migration 78 error mssql (#5791)
        Disallow empty titles (#5785)
        Fix the v78 migration script (#5776)
        Ensure valid git author names passed in signatures (#5774)
        Fix wrong assumption where a user is always said to have unassigned (her)himself (#5769)
        Upgrade go-sql-driver/mysql to fix invalid connection error (#5748)
        Fixing PostgreSQL dump creation (#5747)
        Add proper CORS preflight origin validation (#5740)
        Disable auto-migrate in docker container (#5730)
        In basic auth check for tokens before call UserSignIn (#5725)
        Pooled and buffered gzip implementation (#5722)
        Ensure that sessions are passed into queries that could use the database to prevent deadlocks (#5718)
        Keep file permissions during database migration (#5707)
        Use correct value for "MSpan Structures Obtained" #4742 (#5706)
        Refactor editor upload, update and delete to use git plumbing and add LFS support (#5702)
        Update xorm to fix issue #5659 and #5651 (#5680)
        Fix public will not be reused as public key after deleting as deploy key (#5671)
        When redirecting, clean the path (#5669)
        Don't list an issue on its own dependency list UI. (#5658)
        Fix commit page showing status for current default branch (#5649) (#5650)
        Only count users own actions for heatmap contributions (#5647)
        Fix sqlite deadlock when assigning to a PR (#5640)
        Refactor issue indexer (#5363)
    TESTING
        Run benchmark at tag to track performances (#6035)
        Add test environment for MySQL8 (#5234)
    BUILD
        Use go 1.12 for tests and deprecate go 1.9 (#6186)
        Makefile changes for Windows and easier development (#6103)
        Update bleve dependency to latest master revision (#6100)
        Switch to more recent build of xgo (#6070)
        Add autoprefixer to css build (#6029)
        Update the version of less (#6010)
        Make log mailer for testing (#5893)
    DOCS
        Add more tests and docs for issue indexer, add db indexer type for searching from database (#6144)
        update default value of --must-change-password cli flag (#6032)
        Update and expand information about building Gitea (#6019)
        Update U2F Section of app.ini.sample (#5994)
        Update swagger for release API pagination (#5841)
        Added docs for the tree api (#5834)
    MISC
        Add single commit API support (#5843)
        Add missing GET teams endpoints (#5382)
        Migrate database if app.ini found (#5290)

Changes from 1.7.4:

    SECURITY
        Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6595)
    BUGFIXES
        Allow resend of confirmation email when logged in (#6482) (#6487)
2019-04-23 06:04:41 +00:00
leot
dd4a17c704 webkit-gtk: Fix opengl option
ENABLE_WEBGL was renamed to ENABLE_OPENGL, adjust options.mk accordingly.
2019-04-20 16:39:13 +00:00
wen
5e3a2c61e0 Update to 6.38
Update DEPENDS

Upstream changes:
6.38      2019-03-25 18:58:58Z
    - Update Net::HTTP dependency from 6.07 to 6.18 (GH#310) (Olaf Alders)
    - Remove s.c.o. from SYNOPSIS (GH#308) (Olaf Alders)

6.37      2019-03-06 20:49:26Z
    - Improve ->add_handler documentation (GH #272) (Julien Fiegehenn)
    - Alter our rule set to allow IPv6 proxy hosts beginning with [. (GH #237)
    - Add a jigsaw test for 307 redirects (GH#285) (Nik LaBelle)
2019-04-20 03:50:17 +00:00
leot
e85b3875c5 www: sort 2019-04-19 14:07:21 +00:00
fox
3992ec8d6e Added cliqz to Makefile SUBDIRs 2019-04-19 14:05:56 +00:00
fox
83c50b692d Import of cliqz-1.26.3 as www/cliqz
Cliqz develops novel Internet browsers that incorporate features
such as search and anti-tracking. Cliqz desktop browser is based
on Mozilla Firefox.

Cliqz pre-installs the Cliqz add-on, which causes search terms to
be sent to Cliqz as the default search engine. In addition the
HTTPS Everywhere addon is installed, and an addon to manage consent.
2019-04-19 14:02:03 +00:00
adam
6be9f99ff8 py-urllib3: updated to 1.24.2
1.24.2:
* Don't load system certificates by default when any other ca_certs, ca_certs_dir or
  ssl_context parameters are specified.
* Remove Authorization header regardless of case when redirecting to cross-site.
* Add support for IPv6 addresses in subjectAltName section of certificates.
2019-04-18 08:40:56 +00:00
adam
ea6e4bc8ed py-asgiref: updated to 3.1.2
3.1.2:
* New thread_critical argument to Local to tell it to not inherit contexts
  across threads/tasks.
* Local now inherits across any number of sync_to_async to async_to_sync calls
  nested inside each other

3.1.1:
* Local now cleans up storage of old threads and tasks to prevent a memory leak.

3.1.0:
* Added asgiref.local module to provide threading.local drop-in replacement.

3.0.0:
* Updated to match new ASGI 3.0 spec
* Compatibility library added that allows adapting ASGI 2 apps into ASGI 3 apps
  losslessly
2019-04-18 08:37:28 +00:00
adam
0dcbc8cc07 nginx-devel: updated to 1.5.12
Changes with nginx 1.15.12:
*) Bugfix: a segmentation fault might occur in a worker process if
   variables were used in the "ssl_certificate" or "ssl_certificate_key"
   directives and OCSP stapling was enabled.

Changes with nginx 1.15.11:
*) Bugfix: in the "ssl_stapling_file" directive on Windows.
2019-04-18 07:22:08 +00:00
adam
a1528dc1c4 nghttp2: updated to 1.38.0
lib
This release fixes the bug that on_header callback is still called after stream is closed.

third-party
http-parser is upgraded to v2.9.1.

nghttpx
This release fixes the bug that authority and path altered by per-pattern mruby script can affect backend selection on retry.
It also fixes the bug that HTTP/1.1 chunked request stalls.
Now nghttpx does not log authorization request header field value with -LINFO.
Now nghttpx can be built with modern LibreSSL.
2019-04-18 07:19:06 +00:00
wiz
d641455c8f py-mechanize: update to 0.4.2.
Changes not found.
2019-04-17 09:48:23 +00:00
wiz
802568d959 http-parser: update to 2.9.2.
Changes not found.
2019-04-17 09:42:45 +00:00
bsiegert
65fc216b57 Revbump all Go packages after go112 update 2019-04-16 18:41:08 +00:00
pho
70d1cc2af9 Add a patch to fix upstream bug #1543602; bump revision 2019-04-15 08:31:10 +00:00
wiz
0db6be632e *: remove references to ruby 2.3 2019-04-15 06:11:32 +00:00
taca
66529c7bcd www/ruby-rails52: update to 5.2.3
Update ruby-rails52 to 5.2.3 which contains security fix of actionpack in
5.2.2.2.
2019-04-14 10:36:34 +00:00
taca
5f5b24d4dc www/ruby-actioncable52: update to 5.2.3
## Rails 5.2.3 (March 27, 2019) ##

*   No changes.


## Rails 5.2.2.1 (March 11, 2019) ##

*   No changes.
2019-04-14 10:33:01 +00:00
taca
f82b5aa28a www/ruby-actionpack52: update to 5.2.3
* 5.2.2.2 fixes these security problems:

	CVE-2019-5418
	CVE-2019-5419
	CVE-2019-5420

## Rails 5.2.3 (March 27, 2019) ##

*   Allow using combine the Cache Control `public` and `no-cache` headers.

    Before this change, even if `public` was specified for Cache Control header,
    it was excluded when `no-cache` was included. This fixed to keep `public`
    header as is.

    Fixes #34780.

    *Yuji Yaginuma*

*   Allow `nil` params for `ActionController::TestCase`.

    *Ryo Nakamura*


## Rails 5.2.2.1 (March 11, 2019) ##

*   No changes.
2019-04-14 10:32:37 +00:00
taca
6c1210fda2 www/ruby-actionview52: update to 5.2.3
## Rails 5.2.3 (March 27, 2019) ##

*   Prevent non-primary mouse keys from triggering Rails UJS click handlers.
    Firefox fires click events even if the click was triggered by non-primary mouse keys such as right- or scroll-wheel-clicks.
    For example, right-clicking a link such as the one described below (with an underlying ajax request registered on click) should not cause that request to occur.

    ```
    <%= link_to 'Remote', remote_path, class: 'remote', remote: true, data: { type: :json } %>
    ```

    Fixes #34541

    *Wolfgang Hobmaier*


## Rails 5.2.2.1 (March 11, 2019) ##

*   No changes.
2019-04-14 10:31:52 +00:00
taca
1704e3e440 www/ruby-rails51: update to 5.1.6.2
Update to ruby-rails51 to 5.1.6.2; security fix of actionpack.
2019-04-14 10:25:59 +00:00
taca
3914c2fd00 www/ruby-actioncable51: update to 5.1.6.2
## Rails 5.1.6.2 (March 11, 2019) ##

*   No changes.
2019-04-14 10:23:18 +00:00
taca
f977466739 www/ruby-actionpack51: update to 5.1.6.2
www/ruby-actionpack51: Update to 5.1.6.2

* Fix [CVE-2019-5418] and [CVE-2019-5419].
2019-04-14 10:22:51 +00:00
taca
23d2035352 www/ruby-actionview51: update to 5.1.6.2
## Rails 5.1.6.2 (March 11, 2019) ##

*   No changes.
2019-04-14 10:22:11 +00:00
taca
8b4d5a9986 www/ruby-rails42: update to 4.2.11.1
Update ruby-rails24 to 4.2.11.1; security fix of actionpack.
2019-04-14 10:16:19 +00:00
taca
af6c752ab2 www/ruby-actionpack42: update to 4.2.11.1
## Rails 4.2.11.1 (March 11, 2019) ##

* Fix [CVE-2019-5418] and [CVE-2019-5419].
2019-04-14 10:14:25 +00:00
taca
364ed60392 www/ruby-actionview42: update to 4.2.11.1
## Rails 4.2.11.1 (March 11, 2019) ##

*   No changes.
2019-04-14 10:13:39 +00:00
taca
971cfc4763 www/contao35: update to 3.5.40
Version 3.5.40 (2019-04-10)
---------------------------

### Fixed
Fix the save callback in the back end password module (see #429).
2019-04-14 09:23:06 +00:00
hauke
9424688368 Update to glpi v9.4.2, with security and bug fixes.
- Security: prevent external redirections
- Fix some performances issues
- Fix various issues on plugins loading (cache conflict, bad locales)
- Fix display of documents in tickets
- Fix display of user's pictures
- Fix lost of some relations and sql errors when transferring items
- Feature: add Historical tab on config page
- And many more!

The full changelog is available:
https://github.com/glpi-project/glpi/milestone/32?closed=1
2019-04-12 13:23:57 +00:00
leot
bf73f3d426 webkit-gtk: Adjust WEBKIT_JIT_MACHINE_PLATFORMS per-upstream
Sync WEBKIT_JIT_MACHINE_PLATFORMS (platforms where `webkit-jit'
option is suggested) is enabled by default with
Source/cmake/WebKitFeatures.cmake.

While here also disable ENABLE_C_LOOP when ENABLE_JIT is enabled
(the two options are incompatible).

Should workaround PR pkg/54109.

(No PKGREVISION bump since it should only fix platforms where since
update of webkit-gtk 2.24.0 were broken.)
2019-04-11 17:48:39 +00:00
ryoon
b1f440f479 Update to 66.0.3
* Sync with www/firefox-66.0.3
2019-04-11 13:43:35 +00:00
ryoon
f46ac49e44 Update to 66.0.3
Changelog:
Fixed
    Address bar on tablets running Windows 10 now behaves correctly (Bug 1498973)

    Performance issues with some HTML5 games (Bug 1537609)

    Fixed a bug with keypress events in IBM cloud applications (Bug 1538970)

    Fix for keypress events in some Microsoft cloud applications (Bug 1539618)

Changed
    Updated Baidu search plugin
2019-04-11 13:42:32 +00:00
leot
517c5be2ec webkit-gtk: Add references about WEBKIT_JIT_MACHINE_PLATFORMS 2019-04-09 15:34:04 +00:00
taca
6b6c1fb11b www/contao35: update to 3.5.39
pkgsrc change: use SUBST_VARS.


Version 3.5.39 (2019-04-09)
---------------------------

### Fixed
Invalidate the user sessions if a password changes (see CVE-2019-10641).
2019-04-09 13:09:17 +00:00
taca
e350b45850 www/contao: clean up
Remove support files for Contao 4 and later.
2019-04-09 13:07:42 +00:00
leot
1b13af4b71 webkit-gtk: Update to 2.24.1
Changes:
WebKitGTK  2.24.1
=================
 - Do not allow changes in active URI before provisional load starts for non-API requests.
 - Stop the threaded compositor when the page is not visible or layer tree state is frozen.
 - Use WebKit HTTP source element again for adaptive streaming fragments downloading.
 - Properly handle empty resources in webkit_web_resource_get_data().
 - Add quirk to ensure outlook.live.com uses the modern UI.
 - Fix methods returing GObject or boxed types in JavaScriptCore GLib API.
 - Ensure callback data is passed to functions and constructors with no parameters in JavaScriptCore GLib API.
 - Fix rendering of complex text when the font uses x,y origins.
 - Fix sound loop with Google Hangouts and WhatsApp notifications.
 - Fix the build with GStreamer 1.12.5 and GST GL enabled.
 - Detect SSE2 at compile time.
 - Fix several crashes and rendering issues.
 - Security fixes: CVE-2019-6251.
2019-04-09 12:45:28 +00:00
adam
a79ec713ba py-flask-caching: updated to 1.7.0
Version 1.7.0:
**This is the last version supporting Python 2!**
- Added a feature called 'response_filter' which enables one to only
  cache views depending on the response code.
- A DeprecationWarning got turned into a TypeError.

Version 1.6.0:
- The delete_many function is now able to ignore any errors and continue
  deleting the cache. However, in order to preserve backwards compatibility,
  the default mode is to abort the deletion process. In order to use the new
  deletion mode, one has to flip the config setting CACHE_IGNORE_ERRORS to
  True. This was and still is only relevant for the **filesystem** and
  **simple** cache backends.
- Re-added the gaememcached CACHE_TYPE for improved backwards compatibility.
- Documentation improvements
2019-04-09 08:42:19 +00:00
adam
976235e615 py-django-admin-rangefilter: updated to 0.3.14
0.3.14:
- Added French translation
- Added German translation

0.3.13:
- Added Czech translation
2019-04-08 18:37:47 +00:00
leot
771cb4ba44 links{,-gui}: Update to 2.19
pkgsrc changes:
 - Add fontconfig and freetype2 dependencies to links-gui in order to adjust
   per-upstream defaults

Changes:
2.19
----
 - Disable high-DPI scaling on Windows
 - Links makes it possible to specify scaling of text and images in the
   dialog windows, so this should preferably be used instead of
   system-level scaling
 - Fixed a crash on invalid IDN URL, such as http://test,ï.com/
   (found by lsxvdqe@gmail.com)
 - Make it possible to select other fonts, using fontconfig and freetype
 - Show certificate authority in the "Document info" box
 - Use international error messages
 - The -dump switch didn't report an error if write to stdout failed
2019-04-07 19:49:12 +00:00
adam
96d4e688da py-wsproto: updated to 0.14.0
0.14.0:
* Bugfix clarify subprotocol type as str not bytes.
* Support HTTP/2 WebSockets. This requires a HTTP/2 parser (not
  included), with hyper-h2 recommended. It renames
  handshake_extensions and hence is a breaking change.
* Bugfix badly formatted type hints.
* Bugfix minor issues identified by type checking.

0.13.0:
* Introduce a send method on the conenction which accepts the new
  events. This requires the following usage changes, ::
    connection.accept(subprotocol=subprotocol) -> connection.send(AcceptConnection(subprotocol=subprotocol))
    connection.send_data(data) -> connection.send(Message(payload=payload))
    connection.close(code) -> connection.send(CloseConnection(code=code))
    connection.ping() -> connection.send(Ping())
    connection.pong() -> connection.send(Pong())

* The Event structure is altered to allow for events to be sent and
  received, this requires the following name changes in existing code, ::
    ConnectionRequested -> Request
    ConnectionEstablished -> AcceptConnection
    ConnectionClosed -> CloseConnection
    DataReceived -> Message
    TextReceived -> TextMessage
    BytesReceived -> BytesMessage
    PingReceived -> Ping
    PongReceived -> Pong

* Introduce RejectConnection and RejectData events to be used by a
  server connection to reject rather than accept a connection or by a
  client connection to emit the rejection response. The RejectData
  event represents the rejection response body, if present.
* Add an extra_headers field to the AcceptConnection event in order to
  customise the acceptance response in server mode or to emit this
  information in client mode.
* Switch from Fail events being returned to RemoteProtocolErrors being
  raised.
* Switch from ValueErrors to LocalProtocolErrors being raised when
  an action is taken that is incompatible with the connection state or
  websocket standard.
* Enforce version checking in SERVER mode, only 13 is supported.
* Add an event_hint to RemoteProtocolErrors to hint at how to respond
  to issues.
* Switch from a bytes_to_send method to the send method
  returning the bytes to send directly. Responses to Ping and Close
  messages must now be sent (via send), with the Ping and
  CloseConnection events gaining a response method. This
  allows ::
    if isinstance(event, Ping):
        bytes_to_send = connection.send(event.response())
* Separate the handshake from the active connection handling. This
  allows the handshake and connection to be seperately used. By
  default though WSConnection does both.
* receive_bytes is renamed to receive_data and
  WSConnection should be imported from wsproto rather than
  wsproto.connection.

0.12.0:
* Support h11 ~0.8.1.
* Support Python 3.7.
* Make the close-handshake more explicit, by sending a close frame on
  reciept of a close frame.
* Bugfix fix deflate after a non-compressable message.
* Bugfix connection header acceptance, by accepting Connection header
  values that are comma separated lists.
2019-04-07 15:58:32 +00:00
jperkin
6e63b8a1c0 apache24: Make xml support optional, defaulting to on.
Allows mod_proxy_html to be supported again.  Based on a pull request from
vec4f in joyent/pkgsrc#169.
2019-04-05 13:48:38 +00:00
adam
9d687ac526 py-sanic: updated to 19.3.1
19.3.1
Changes:
* Add support for zero-length and RFC 5987 encoded filename for multipart/form-data requests.
* The type of expires attribute of sanic.cookies.Cookie is now enforced to be of type datetime.
* Add support for the stream parameter of sanic.Sanic.add_route() available to sanic.Blueprint.add_route().
* Accept negative values for route parameters with type int or number.
* Deprecated the use of sanic.request.Request.raw_args - it has a fundamental flaw in which is drops repeated query string parameters. Added sanic.request.Request.query_args as a replacement for the original use-case.
* Remove an unwanted None check in Request class repr implementation. This changes the default repr of a Request from <Request> to <Request: None />
* Added 2 new parameters to sanic.app.Sanic.create_server:
return_asyncio_server - whether to return an asyncio.Server.
asyncio_server_kwargs - kwargs to pass to loop.create_server for the event loop that sanic is using.
This is a breaking change.
* Added a set of test cases that test and benchmark route resolution.
* The type of the "max-age" value in a sanic.cookies.Cookie is now enforced to be an integer. Non-integer values are replaced with 0.
* Added the endpoint attribute to an incoming request, containing the name of the handler function.
* Improved request streaming. request.stream is now a bounded-size buffer instead of an unbounded queue. Callers must now call await request.stream.read() instead of await request.stream.get() to read each portion of the body.
This is a breaking change.

Fixes:
* Sanic was prefetching time.time() and updating it once per second to avoid excessive time.time() calls. The implementation was observed to cause memory leaks in some cases. The benefit of the prefetch appeared to negligible, so this has been removed. Fixes
* Fix a bug in the auto-reloader when the process was launched as a module i.e. python -m init0.mod1 where the sanic server is started in init0/mod1.py with debug enabled and imports another module in init0.
* Allow sanic test client to bind to a random port by specifying port=None when constructing a SanicTestClient
* Added the ability to specify middleware on a blueprint group, so that all routes produced from the blueprints in the group have the middleware applied.
* Allow the the use the SANIC_ACCESS_LOG environment variable to enable/disable the access log when not explicitly passed to app.run(). This allows the access log to be disabled for example when running via gunicorn.

Developer infrastructure:
* Update project PyPI credentials
* fix linter issue causing travis build failures
* Fix python version in doc build
* Upgrade setuptools version and use native docutils in doc build
* Upgrade pytest, and fix caplog unit tests

Typos and Documentation:
* Fix typo at the exception documentation
* fix typo in Asyncio example
* Documentation typo
* Fix grammar in README.md
* Added "databases" to the extensions list
* Add sanic-zipkin to extensions list
* Removed link to deleted repo, Sanic-OAuth, from the extensions list
* 18.12 changelog
* Add example of amending request object
* Update README
* Update README
* Update README, including new logo
* fix minor type and pip install instruction mismatch
* Documentation Enhancements
2019-04-04 12:25:38 +00:00
adam
a168e73adc py-terminado: updated to 0.8.2
0.8.2:
Bug fixes.
2019-04-04 07:26:25 +00:00
wen
c09b332abc Update to 3.0.0
Upstream changes:
v3.0.0    2019-03-11 13:52:08Z
        - Better fix for handling malformed tags. Removes max_parser_loops(),
          which was introduced in 2.4.0 (GH#37) (Graham Knop)
2019-04-04 07:19:01 +00:00
wen
666ab840f5 Update to 6.04
Upstream changes:
6.04      2019-03-25 18:22:51Z
    - Convert to Dist::Zilla
    - Add an autocomplete method (GH #13) (Olaf Alders)
2019-04-04 07:06:19 +00:00
wen
6b18d6e599 Update to 2.15
Upstream changes:
2.15 2019-03-29
    [FIX]
    - ensure upload hooks are passed to CGI.pm constructor
     (GH #19, thanks to ikegami)

2.14 2019-03-26
    [DOCUMENTATION]
    - Add a link to the "you probably shouldn't use CGI.pm" docs
2019-04-04 06:51:52 +00:00
wen
9d4de9ce14 Update to 4.42
Upstream changes:
4.42 2019-03-26

    [ DOCUMENTATION ]
    - clarify licence also in Makefile.PL (GH #232)

4.41 2019-03-26

    [ DOCUMENTATION ]
    - clarify licence (GH #232)
2019-04-04 06:44:11 +00:00
leot
40759711c1 py-soupsieve: Remove no longer needed/used patch
setup.py was differently adjusted upstream to exclude all tests.
2019-04-04 06:37:09 +00:00
wen
b2b9379258 Update to 1.3512
Upstream changes:
1.3512    2019-03-31 20:10:08+01:00 Europe/London
Promoting previous trial release 1.3511 to stable.

1.3511    2019-03-29 11:16:08+00:00 Europe/London (TRIAL RELEASE)
[BUG FIXES]
 - More session cookie handling fun - avoid causing test failures in dependencies
   in some cases (e.g. RT #128911 and others)

[ENHANCEMENTS]
 - hold session in SharedData, to avoid reading the session contents every time
   anything is requested, could be a performance win

1.3510    2019-03-19 14:42:26+00:00 Europe/London
Promoting previous trial release 1.3501  to stable.
Fix #1204 - more proxy-related test failure fun

1.3501    2019-03-14 19:19:49+00:00 Europe/London (TRIAL RELEASE)
[BUG FIXES]
Fix "too late to set cookie" errors if you access a session within an after hook
after using send_file().
2019-04-04 06:37:08 +00:00
adam
e9c70a50cf py-soupsieve: updated to 1.9.0
1.9.0:
NEW: Allow :contains() to accept a list of text to search for.
NEW: Add new escape function for escaping CSS identifiers.
NEW: Deprecate comments and icomments functions in the API to ensure Soup Sieve focuses only in CSS selectors. comments and icomments will most likely be removed in 2.0.
NEW: Add Python 3.8 support.
FIX: Don't install test files when installing the soupsieve package.
FIX: Improve efficiency of :contains() comparison.
FIX: Null characters should translate to the Unicode REPLACEMENT CHARACTER (U+FFFD) according to the specification. This applies to CSS escaped NULL characters as well.
FIX: Escaped EOF should translate to U+FFFD outside of CSS strings. In a string, they should just be ignored, but as there is no case where we could resolve such a string and still have a valid selector, string handling remains the same.
2019-04-03 09:29:54 +00:00
ryoon
6fc378bce9 Recursive revbump from textproc/icu 2019-04-03 00:32:25 +00:00
adam
97f7002406 py-cherrypy: updated to 18.1.1
v18.1.1
* :pr:1774 reverts :pr:1759 as new evidence emerged that
  the original behavior was intentional. Re-opens :issue:1758.
2019-04-02 08:29:59 +00:00
adam
283f038eba apache24: updated to 2.4.39
Changes with Apache 2.4.39

*) mod_proxy/ssl: Cleanup per-request SSL configuration anytime a backend
   connection is recycled/reused to avoid a possible crash with some SSLProxy
   configurations in <Location> or <Proxy> context.

*) mod_ssl: Correctly restore SSL verify state after TLSv1.3 PHA failure.

*) mod_log_config: Support %{c}h for conn-hostname, %h for useragent_host

*) mod_socache_redis: Support for Redis as socache storage provider.

*) core: new configuration option 'MergeSlashes on|off' that controls handling of
   multiple, consecutive slash ('/') characters in the path component of the request URL.

*) mod_http2: when SSL renegotiation is inhibited and a 403 ErrorDocument is
   in play, the proper HTTP/2 stream reset did not trigger with H2_ERR_HTTP_1_1_REQUIRED.

*) mod_http2: new configuration directive: `H2Padding numbits` to control
   padding of HTTP/2 payload frames. 'numbits' is a number from 0-8,
   controlling the range of padding bytes added to a frame. The actual number
   added is chosen randomly per frame. This applies to HEADERS, DATA and PUSH_PROMISE
   frames equally. The default continues to be 0, e.g. no padding.

*) mod_http2: ripping out all the h2_req_engine internal features now that mod_proxy_http2
   has no more need for it. Optional functions are still declared but no longer implemented.
   While previous mod_proxy_http2 will work with this, it is recommeneded to run the matching
   versions of both modules.

*) mod_proxy_http2: changed mod_proxy_http2 implementation and fixed several bugs which
   resolve bug 63170. The proxy module does now a single h2 request on the (reused)
   connection and returns.

*) mod_http2/mod_proxy_http2: proxy_http2 checks correct master connection aborted status
   to trigger immediate shutdown of backend connections. This is now always signalled
   by mod_http2 when the the session is being released.
   proxy_http2 now only sends a PING frame to the backend when there is not already one
   in flight.

*) mod_proxy_http2: fixed an issue where a proxy_http2 handler entered an infinite
   loop when encountering certain errors on the backend connection.

*) mod_http2: Configuration directives H2Push and H2Upgrade can now be specified per
   Location/Directory, e.g. disabling PUSH for a specific set of resources.

*) mod_http2: HEAD requests to some module such as mod_cgid caused the stream to
   terminate improperly and cause a HTTP/2 PROTOCOL_ERROR.

*) http: Fix possible empty response with mod_ratelimit for HEAD requests.

*) mod_cache_socache: Avoid reallocations and be safe with outgoing data
   lifetime.

*) MPMs unix: bind the bucket number of each child to its slot number, for a
   more efficient per bucket maintenance.

*) mod_auth_digest: Fix a race condition. Authentication with valid
   credentials could be refused in case of concurrent accesses from
   different users.

*) mod_http2: enable re-use of slave connections again. Fixed slave connection
   keepalives counter.

*) mod_reqtimeout: Allow to configure (TLS-)handshake timeouts.

*) mod_proxy_wstunnel: Fix websocket proxy over UDS.

*) mod_ssl: Don't unset FIPS mode on restart unless it's forced by
   configuration (SSLFIPS on) and not active by default in OpenSSL.
2019-04-02 07:25:38 +00:00
ryoon
849241cb09 Update to 66.0.2
* Sync with www/firefox-66.0.2
* Add some new locales
2019-04-01 12:40:47 +00:00
ryoon
b7b095d599 Update to 66.0.2
Changelog:
Fixed
    Fixed Web compatibility issues with Office 365, iCloud and IBM
    WebMail caused by recent changes to the handling of keyboard
    events (Bug 1538966)

    Crash fixes (bug 1521370, bug 1539118)
2019-04-01 12:27:52 +00:00
leot
ca32e062e3 vimb: Update to 3.4.0
Changes:
3.4.0
=====
Added
-----
* Allow to show video in fullscreen, without statusbar and inputbox, if requested.
* Added option `--no-maximize` to no start with maximized window #483.
* New setting `prevent-newwindow` to enforce opening links into same window
  even if they are crafted by `target="_blank"` or using `window.open(...)` #544.

Changed
-------
* Increased min required webkit version to 2.20.x.
* Use man page date instead of build date to make reproducible builds.
* URLs shown on statusbar and title are now shown as punicode if they contain
  homographs.

Fixed
-----
* Fix out-of-bounds buffer access in parse_command (Thanks to Sören Tempel) #529.
* Fixed none shown hint labels by Content-Security-Policy headers #531.
* Fixed segfault on JavaScript `window.close()` call #537.
* Fixed no char inserted in input mode after timeout and imap/inoremap
  candidate #546.
2019-03-31 20:52:16 +00:00
leot
ecb6a05128 curl: Update to 7.64.1
pkgsrc changes:
 - No longer install MANUAL, it is no longer available
 - Remove patch-lib_hostcheck.c, <netinet/in.h> is already included few
   lines before
 - Take MAINTAINERSHIP

Changes:
7.64.1
======
This release includes the following changes:

 o alt-svc: experiemental support added [74]
 o configure: add --with-amissl [84]

This release includes the following bugfixes:

 o AppVeyor: add MinGW-w64 and classic Mingw builds [55]
 o AppVeyor: switch VS 2015 builds to VS 2017 image [49]
 o CURLU: fix NULL dereference when used over proxy [73]
 o Curl_easy: remove req.maxfd - never used! [58]
 o Curl_now: figure out windows version in win32_init: [11]
 o Curl_resolv: fix a gcc -Werror=maybe-uninitialized warning [20]
 o DoH: inherit some SSL options from user's easy handle [80]
 o Secure Transport: no more "darwinssl" [56]
 o Secure Transport: tvOS 11 is required for ALPN support [94]
 o cirrus: Added FreeBSD builds using Cirrus CI
 o cleanup: make local functions static [5]
 o cli tool: do not use mime.h private structures [27]
 o cmdline-opts/proxytunnel.d: the option tunnnels all protocols [83]
 o configure: add additional libraries to check for LDAP support [45]
 o configure: remove the unused fdopen macro [40]
 o configure: show features as well in the final summary [15]
 o conncache: use conn->data to know if a transfer owns it [95]
 o connection: never reuse CONNECT_ONLY connections [35]
 o connection_check: restore original conn->data after the check [14]
 o connection_check: set ->data to the transfer doing the check [3]
 o cookie: Add support for cookie prefixes [29]
 o cookies: dotless names can set cookies again [81]
 o cookies: fix NULL dereference if flushing cookies with no CookieInfo set [47]
 o curl.1: --user and --proxy-user are hidden from ps output [86]
 o curl.1: mark the argument to --cookie as <data|filename> [87]
 o curl.h: use __has_declspec_attribute for shared builds [52]
 o curl: display --version features sorted alphabetically [51]
 o curl: fix FreeBSD compiler warning in the --xattr code [2]
 o curl: remove MANUAL from -M output [38]
 o curl_easy_duphandle.3: clarify that a duped handle has no shares [64]
 o curl_multi_remove_handle.3: use at any time, just not from within callbacks
 o curl_url.3: this API is not experimental anymore
 o dns: release sharelock as soon as possible [1]
 o docs: update max-redirs.d phrasing [59]
 o easy: fix win32 init to work without CURL_GLOBAL_WIN32 [30]
 o examples/10-at-a-time.c: improve readability and simplify
 o examples/cacertinmem.c: use multiple certificates for loading CA-chain [54]
 o examples/crawler: Fix the Accept-Encoding setting
 o examples/ephiperfifo.c: various fixes [63]
 o examples/externalsocket: add missing close socket calls [78]
 o examples/http2-download: cleaned up
 o examples/http2-serverpush: add some sensible error checks [31]
 o examples/http2-upload: cleaned up
 o examples/httpcustomheader: Value stored to 'res' is never read
 o examples/postinmemory: Potential leak of memory pointed to by 'chunk.memory'
 o examples/sftpuploadresume: Value stored to 'result' is never read
 o examples: only include <curl/curl.h> [70]
 o examples: remove recursive calls to curl_multi_socket_action [42]
 o examples: remove superfluous null-pointer checks
 o file: fix "Checking if unsigned variable 'readcount' is less than zero." [90]
 o fnmatch: disable if FTP is disabled [25]
 o gnutls: remove call to deprecated gnutls_compression_get_name [66]
 o gopher: remove check for path == NULL [69]
 o gssapi: fix deprecated header warnings [16]
 o hostip: make create_hostcache_id avoid alloc + free [4]
 o http2: multi_connchanged() moved from multi.c, only used for h2 [21]
 o http2: verify :athority in push promise requests [37]
 o http: make adding a blank header thread-safe [33]
 o http: send payload when (proxy) authentication is done [89]
 o http: set state.infilesize when sending multipart formposts [57]
 o makefile: make checksrc and hugefile commands "silent" [85]
 o mbedtls: make it build even if MBEDTLS_VERSION_C isn't set [24]
 o mbedtls: release sessionid resources on error [28]
 o memdebug: log pointer before freeing its data [91]
 o memdebug: make debug-specific functions use curl_dbg_ prefix [82]
 o mime: put the boundary buffer into the curl_mime struct [18]
 o multi: call multi_done on connect timeouts, fixes CURLINFO_TOTAL_TIME [43]
 o multi: remove verbose "Expire in" ... messages [23]
 o multi: removed unused code for request retries [79]
 o multi: support verbose conncache closure handle [72]
 o negotiate: fix for HTTP POST with Negotiate [88]
 o openssl: add support for TLS ASYNC state [46]
 o openssl: if cert type is ENG and no key specified, key is ENG too [93]
 o pretransfer: don't strlen() POSTFIELDS set for GET requests [22]
 o rand: Fix a mismatch between comments in source and header [32]
 o runtests: detect "schannel" as an alias for "winssl" [50]
 o schannel: be quiet - remove verbose output [19]
 o schannel: close TLS before removing conn from cache [10]
 o schannel: support CALG_ECDH_EPHEM algorithm [44]
 o scripts/completion.pl: also generate fish completion file [67]
 o singlesocket: fix the 'sincebefore' placement [36]
 o source: fix two 'nread' may be used uninitialized warnings [68]
 o ssh: fix Condition '!status' is always true [60]
 o ssh: loop the state machine if not done and not blocking [71]
 o strerror: make the strerror function use local buffers [48]
 o system_win32: move win32_init here from easy.c [65]
 o test578: make it read data from the correct test
 o tests: Fixed XML validation errors in some test files
 o tests: add stderr comparison to the test suite [26]
 o tests: fix multiple may be used uninitialized warnings
 o threaded-resolver: shutdown the resolver thread without error message [61]
 o tool_cb_wrt: fix writing to Windows null device NUL [96]
 o tool_getpass: termios.h is present on AmigaOS 3, but no tcgetattr/tcsetattr [84]
 o tool_operate: build on AmigaOS [84]
 o tool_operate: fix typecheck warning [9]
 o transfer.c: do not compute length of undefined hex buffer
 o travis: add build using gnutls [75]
 o travis: add scan-build [13]
 o travis: bump the used wolfSSL version to 4.0.0 [92]
 o travis: enable valgrind for the iconv tests [12]
 o travis: use updated compiler versions: clang 7 and gcc 8 [77]
 o unit1307: require FTP support [17]
 o unit1651: survive curl_easy_init() fails
 o url/idnconvert: remove scan for <= 32 ascii values [6]
 o url: change conn shutdown order to ensure SOCKETFUNCTION callbacks [39]
 o urlapi: reduce variable scope, remove unreachable 'break' [7]
 o urldata: convert bools to bitfields and move to end [53]
 o urldata: simplify bytecounters [62]
 o urlglob: Argument with 'nonnull' attribute passed null
 o version.c: silent scan-build even when librtmp is not enabled
 o vtls: rename some of the SSL functions [84]
 o wolfssl: stop custom-adding curves [41]
 o x509asn1: "Dereference of null pointer"
 o x509asn1: cleanup and unify code layout [34]
 o zsh.pl: escape ':' character [8]
 o zsh.pl: update regex to better match curl -h output [8]
2019-03-31 20:41:29 +00:00
jperkin
a63c784433 webkit-gtk: Naive implementation of computeRAMSize for SunOS. 2019-03-27 10:50:30 +00:00
adam
52a69fc50a nginx-devel: updated to 1.5.10
Changes with nginx 1.15.10:
*) Change: when using a hostname in the "listen" directive nginx now
   creates listening sockets for all addresses the hostname resolves to
   (previously, only the first address was used).
*) Feature: port ranges in the "listen" directive.
*) Feature: loading of SSL certificates and secret keys from variables.
*) Workaround: the $ssl_server_name variable might be empty when using
   OpenSSL 1.1.1.
*) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or
   newer; the bug had appeared in 1.15.9.

nginx-nchan:
1.2.5:
 fix: using multiplexed channels with Redis in backup mode may result in worker crash
 fix: nchan_publisher_channel_id could not be set exclusively in a publisher location
 fix: Google pagespeed module compatibility
 fix: nchan prevents nginx from starting if no http {} block is configured
1.2.4:
 fix: Redis cluster info with zero-length hostname may result in worker crash
 fix: build problems with included hiredis lib in FreeBSD
 feature: nchan_redis_namespace and nchan_redis_ping_interval now work in upstream blocks
 fix: websocket publisher did not publishing channel events
 fix: Redis namespace was limited to 8 bytes
2019-03-27 06:45:13 +00:00
ryoon
d43e7ffd4b Update to 9.0.17
Changelog:
    The APR/Native connector now supports both OpenSSL and JSSE
    TLS configuration syntax (NIO and NIO2 already support this)

    Various improvements to NIO2

    Various fixes for HTTP/2 push requests
2019-03-26 20:59:57 +00:00
ryoon
faf728fc42 Update to 8.5.39
Changelog:
    The APR/Native connector now supports both OpenSSL and JSSE
    TLS configuration syntax (NIO and NIO2 already support this)

    Various improvements to NIO2

    Various fixes for HTTP/2 push requests

    Refactor error handling so that errors that occur early in
    request processing are handled by the application's error
    handling where the application can be identified
2019-03-26 20:57:51 +00:00
ryoon
0a401e3a9c Update to 7.0.93
Changelog:
Update the packaged version of the Tomcat Native Library to 1.2.21
to pick up the latest Windows binaries built with APR 1.6.5 and
OpenSSL 1.1.1a and to pick up the memory leak fixes when using
NIO/NIO2 with OpenSSL.
2019-03-26 20:56:23 +00:00
wiz
6098c1a7e3 *: recursive bump for vala-0.44 2019-03-25 13:56:25 +00:00
wiz
37705df3ec py-mechanize: update to 0.4.1.
No changelog found.
2019-03-25 13:28:33 +00:00
adam
72ff66eb83 py-httptools: updated to 0.0.13
0.0.13:
Unknown changes
2019-03-25 08:56:23 +00:00
leot
3d3e1211b3 ap2-auth-mellon: Adjust MASTER_SITES handling (NFCI)
Use GITHUB_PROJECT and GITHUB_RELEASE instead of manually adjusting
MASTER_SITES.
2019-03-25 06:21:06 +00:00
nia
9986eb5d27 www/gitea: Add version 1.7.4
Mostly based on work by tuxillo in pkgsrc-wip with some changes and additions
by me.

Gitea is a community managed fork of Gogs, lightweight code hosting solution
written in Go and published under the MIT license.
2019-03-24 21:34:23 +00:00
ryoon
33d5b13662 Update to 60.6.1
* Sync with www/firefox60-60.6.1
2019-03-24 12:38:06 +00:00
ryoon
b38b07e9ac Update to 60.6.1
Changelog:
60.6.1
#CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
#CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations


60.6.0
#CVE-2019-9790: Use-after-free when removing in-use DOM elements
#CVE-2019-9791: Type inference is incorrect for constructors entered through on-stack replacement with IonMonkey
#CVE-2019-9792: IonMonkey leaks JS_OPTIMIZED_OUT magic value to script
#CVE-2019-9793: Improper bounds checks when Spectre mitigations are disabled
#CVE-2019-9794: Command line arguments not discarded during execution
#CVE-2019-9795: Type-confusion in IonMonkey JIT compiler
#CVE-2019-9801: Windows programs that are not 'URL Handlers' are exposed to web content
#CVE-2018-18506: Proxy Auto-Configuration file can define localhost access to be proxied
#CVE-2019-9788: Memory safety bugs fixed in Firefox 66 and Firefox ESR 60.6


Enterprise
    In the network connections settings, sites added to the "No proxy for" list will now honor that setting regardless of any other specified proxy settings
2019-03-24 12:36:42 +00:00
ryoon
56b6d2b913 Update to 15.0.5
Changelog:
Changes
    Show autocompletion as soon as "@" is typed (server#13961)
    Trim filename in webfrontend for windows compatibility (server#13978)
    Clean code and fix drop zone shadow (server#13982)
    Show original path in trashbin (server#14029)
    Update icewind/smb to 3.0.1 (server#14068)
    Fix: Check if `$this->params['user']` is an array (server#14085)
    [Security] Bump lodash from 4.17.10 to 4.17.11 in /apps/updatenotification (server#14093)
    [Security] Bump lodash from 4.17.10 to 4.17.11 in /apps/accessibility (server#14094)
    [Security] Bump lodash from 4.17.10 to 4.17.11 in /apps/oauth2 (server#14095)
    Make sure the relative path is always a string (server#14101)
    Fix the thorrtler whitelist bitmask (server#14151)
    [Security] Bump handlebars from 4.0.12 to 4.1.0 in /build (server#14187)
    Fix recent files (server#14195)
    Update CRL to contain revoked files_external_dropbox, passman & payback (server#14201)
    Ensure attribute names are lower cased (server#14203)
    Fix small glitches in update notification page (server#14207)
    Fix expiration date changing (server#14212)
    Fix trashbin restore translation (server#14213)
    Remove trailing spaces from localized strings (server#14225)
    Fixing phpdoc in FullTextSearch/Model/ISearchResult (server#14268)
    Fix empty file uploads to S3 (and other streaming storages) (server#14273)
    Do not do redirect handling when loggin out (server#14275)
    Catch Request exception in testRemoteUrl (server#14277)
    Correctly determinate the owner in case of shared external storages (server#14283)
    Fix header label visibility on open menu (server#14287)
    Prefix $path for filename for internal file cache (server#14288)
    Set false as default for requirePNG (server#14292)
    Use proper scroll container when dragging files (server#14301)
    Fix OC.getCurrentUser() on guest pages (server#14308)
    Fix ocm end-point discovery discovery (server#14312)
    Apply theme to 2FA button (server#14331)
    Fix "Undefined index: user_uid" on login page (server#14339)
    Fix unsafe array access (server#14340)
    Always query lookup server in GS mode (server#14368)
    Use latest ca-bundle.crt from https://curl.haxx.se/docs/caextract.html (server#14371)
    Try to support 7.3 for DAV (3rdparty#213)
    Backport/stable15/streams 0.7.1 (3rdparty#244)
    Don't add empty entries to the objects array (activity#347)
    Ensure parameters are always an array (activity#350)
    Bye, Scrutinizer! (notifications#293)
2019-03-24 09:05:39 +00:00
wiz
d27f498d3e *: reset maintainer 2019-03-24 07:44:55 +00:00
ryoon
efa449de63 Update to 66.0.1
* Sync with www/firefox-66.0.1
2019-03-24 05:45:46 +00:00
ryoon
037b9f38e0 Update to 66.0.1
Changelog:
Security fixes:
#CVE-2019-9810: IonMonkey MArraySlice has incorrect alias information
#CVE-2019-9813: Ionmonkey type confusion with __proto__ mutations
2019-03-24 05:44:14 +00:00
manu
48bc99c051 Updated www/ap2-auth-mellon to 0.14.2
Changes sine 0.14.0 include:
- Fix CVE-2019-3878 Authentication bypass when Apache is used as reverse proxy
- Fix CVE-2019-3877 Redirect URL validation bypass
- Fix environment variables in MellonCond
- Fix detection of AJAX requests
- Fix trailing semi-colon in Set-Cookie header
2019-03-23 02:37:41 +00:00
adam
8cdc9ae70e py-notebook: updated to 5.7.6
5.7.6
5.7.6 contains a security fix for a cross-site inclusion (XSSI) vulnerability,
where files at a known URL could be included in a page from an unauthorized website if the user is logged into a Jupyter server.
The fix involves setting the X-Content-Type-Options: nosniff
header, and applying CSRF checks previously on all non-GET
API requests to GET requests to API endpoints and the /files/ endpoint.

The attacking page is able to access some contents of files when using Internet Explorer through script errors,
but this has not been demonstrated with other browsers.
A CVE has been requested for this vulnerability.

5.7.5
- Fix compatibility with tornado 6
- Fix opening integer filedescriptor during startup on Python 2
- Fix compatibility with asynchronous KernelManager.restart_kernel methods
2019-03-22 17:55:05 +00:00
adam
2af0db2d64 py-nbconvert: updated to 5.4.1
5.4.1:
New Features
- Expose pygments styles
- Tornado 6.0 support -- Convert proxy handler from callback to coroutine
- Add option to overwrite the highlight_code filter

Fixing Problems
- Mathjax.tpl fix for rendering Latex in html
- Backwards compatbility for empty kernel names

Testing, Docs, and Builds
- DOC: Add missing language specification to code-block
2019-03-22 11:20:41 +00:00
prlw1
d16754f4b8 Update drupal7 to 7.65
* Drupal core - Cross-Site Scripting- SA-CORE-2019-004

Under certain circumstances the File module/subsystem allows a
malicious user to upload a file that can trigger a cross-site
scripting (XSS) vulnerability.
2019-03-21 11:47:16 +00:00
prlw1
19e1a0419f Update drupal8 to 8.6.13
* Drupal core - Cross-Site Scripting- SA-CORE-2019-004

Under certain circumstances the File module/subsystem allows a
malicious user to upload a file that can trigger a cross-site
scripting (XSS) vulnerability.
2019-03-21 11:42:00 +00:00
adam
edc646f05e py-cfscrape: updated to 1.9.7
1.9.7:
Update __init__.py

1.9.6:
Bump version
2019-03-21 10:23:45 +00:00
adam
dacf780633 py-websocket-client: updated to 0.56.0
0.56.0:
Don't retry sockets with timeout set to
2019-03-21 10:18:14 +00:00
tsutsui
f77742f969 ruby-gnome2: update to 3.3.6.
Upstream changes:

== Ruby-GNOME2 3.3.6: 2019-03-21

This is a follow-up release of 3.3.5.

=== Changes

==== Ruby/GIO2

  * Improvements

    * (({Gio::File#read})): Added support for block.

    * (({Gio::File.open})): Added support for (({Pathname})).

    * (({Gio::InputStream.open})): Added support for block.

==== Ruby/CairoGObject

  * Fixes

    * Fixed a bug that old cairo may be used.

==== Ruby/GObjectIntrospection

  * Fixes

    * Fixed a bug that 64bit integer conversion may be failed for
      large integer.

    * Fixed typos.
2019-03-21 08:42:21 +00:00
tsutsui
4e614a05a1 firefox: 66.0 requires libwebp>=1.0.2. Bump PKGREVISION. 2019-03-20 14:38:17 +00:00
wiz
e8546c406f nvu: remove
Does not build in all bulk builds reports I could find.
Last release from 2005.
2019-03-20 10:02:53 +00:00
mef
a2b6013cd4 Updated www/php-owncloud from 10.0.9 to 10.1.0, php72 supported
(sorry for lengthy some 900 lines),
# Changelog

All notable changes to this project will be documented in this file.

The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/).

## [Unreleased]

### Added

- Added Symfony event for federation to provide apps with federated share receiver id - [#34152](https://github.com/owncloud/core/issues/34152)
- Added mime types for sharedlib and executable - [#33893](https://github.com/owncloud/core/issues/33893)
- Allow loading JSON files in setups with pretty URLs - [#32835](https://github.com/owncloud/core/issues/32835)
- Support global CORS domains for public pages - [#33139](https://github.com/owncloud/core/issues/33139)
- New tag scope "static tags", editable but not assignable - [#33420](https://github.com/owncloud/core/issues/33420) [#33864](https://github.com/owncloud/core/issues/33864) [#34098](https://github.com/owncloud/core/issues/34098)
- Added "getBucket" method to HomeObjectStore to fix S3 issue - [#33513](https://github.com/owncloud/core/issues/33513)
- Pass an additional parameter on the core update - [#33641](https://github.com/owncloud/core/issues/33641)
- Added short list argument to occ files_external:list - [#33684](https://github.com/owncloud/core/issues/33684)
- Public JS utility function for email validation - [#33699](https://github.com/owncloud/core/issues/33699)
- Introduce persistent and explicit locking of file and folders (Webdav locks) - [#33266](https://github.com/owncloud/core/issues/33266) [#33785](https://github.com/owncloud/core/issues/33785) [#33843](https://github.com/owncloud/core/issues/33843) [#33957](https://github.com/owncloud/core/pull/33957) [#33957](https://github.com/owncloud/core/issues/33957) [#34270](https://github.com/owncloud/core/issues/34270) [#34267](https://github.com/owncloud/core/issues/34267) [#34227](https://github.com/owncloud/core/issues/34227) [#34208](https://github.com/owncloud/core/issues/34208) [#34203](https://github.com/owncloud/core/issues/34203) [#34355](https://github.com/owncloud/core/issues/34355) [#34350](https://github.com/owncloud/core/issues/34350)
- Add minimal frontend in files app for persistent locks (Webdav locks) - [#33951](https://github.com/owncloud/core/issues/33951)
- Federated sharing new spec OCM 1.0-proposal1 - [#33027](https://github.com/owncloud/core/issues/33027) [#34113](https://github.com/owncloud/core/issues/34113) [#34252](https://github.com/owncloud/core/issues/34252)
- Add sharing scope to enable addressbook sharing with custom groups - [#33849](https://github.com/owncloud/core/issues/33849)
- Add X-Request-ID to header Access-Control-Allow-Headers - [#33926](https://github.com/owncloud/core/issues/33926)

### Changed

- Use new DAV endpoint in web UI file list and upload - [#33544](https://github.com/owncloud/core/issues/33544)
- Bypass apps max-version check for daily/git release channels - [#33861](https://github.com/owncloud/core/issues/33861)
- Changed default link share name to be "Public link" - [#33879](https://github.com/owncloud/core/issues/33879) [#33955](https://github.com/owncloud/core/issues/33955)
- Set shipped apps max version to 10 in preparation for Semver switch - [#33496](https://github.com/owncloud/core/issues/33496)
- If only the patch level of an app's version changes no migrations will run - [#33218](https://github.com/owncloud/core/issues/33218) [#34138](https://github.com/owncloud/core/issues/34138)
- User/group deletion in users page now has a confirmation dialog - [#33626](https://github.com/owncloud/core/issues/33626)
- Disable browser autocomplete for password fields - [#32590](https://github.com/owncloud/core/issues/32590)
- Minor and patch updates of dependencies as at 20181126 - [#33683](https://github.com/owncloud/core/issues/33683)
- Bump @bower_components/browser-update from 2.0.1 to v2.0.2 in /build - [#34290](https://github.com/owncloud/core/issues/34290)
- Bump composer/xdebug-handler to 1.3.0 - [#32977](https://github.com/owncloud/core/issues/32977)
- Bump cryptiles from 3.1.2 to 3.1.4 in /build - [#33935](https://github.com/owncloud/core/issues/33935)
- Bump friendsofphp/php-cs-fixer (v2.13.0 => v2.14.0) - [#33290](https://github.com/owncloud/core/issues/33290) [#34012](https://github.com/owncloud/core/issues/34012) [#34040](https://github.com/owncloud/core/issues/34040)
- Bump handlebars from 4.0.11 to 4.0.12 in /build - [#32661](https://github.com/owncloud/core/issues/32661) [#34071](https://github.com/owncloud/core/issues/34071)
- Bump hoek from 4.2.0 to 4.2.1 in /build - [#33574](https://github.com/owncloud/core/issues/33574)
- Bump jakub-onderka/php-console-highlighter from 0.3.2 to 0.4 - [#32944](https://github.com/owncloud/core/issues/32944)
- Bump karma from 3.0.0 to 3.1.3 in /build - [#33256](https://github.com/owncloud/core/issues/33256) [#33343](https://github.com/owncloud/core/issues/33343) [#33737](https://github.com/owncloud/core/issues/33737)
- Bump league/flysystem from 1.0.46 to 1.0.48 - [#33199](https://github.com/owncloud/core/issues/33199)
- Bump lodash from 4.17.4 to 4.17.11 in /build - [#33754](https://github.com/owncloud/core/issues/33754)
- Bump pear/archive_tar from 1.4.3 to 1.4.5 - [#34080](https://github.com/owncloud/core/issues/34080)
- Bump phan 0.12.11 - [#34022](https://github.com/owncloud/core/issues/34022)
- Bump phpseclib/phpseclib from 2.0.11 to 2.0.13 - [#33433](https://github.com/owncloud/core/issues/33433) [#33922](https://github.com/owncloud/core/issues/33922)
- Bump punic 3.1.0 => 3.2.0 - [#33462](https://github.com/owncloud/core/issues/33462)
- Bump sabre/dav from 3.2.2 to 3.2.3 - [#33276](https://github.com/owncloud/core/issues/33276)
- Bump sinon from 6.2.0 to 7.1.1 - [#32825](https://github.com/owncloud/core/issues/32825) [#33073](https://github.com/owncloud/core/issues/33073) [#33306](https://github.com/owncloud/core/issues/33306) [#33373](https://github.com/owncloud/core/issues/33373)
- Bump marked from 0.3.7 to 0.3.19 in /build - [#33576](https://github.com/owncloud/core/issues/33576)
- Bump sabre xml 1.5.1 - [#34102](https://github.com/owncloud/core/issues/34102)
- Bump squizlabs/php_codesniffer 3.3.2=>3.4.0 - [#33940](https://github.com/owncloud/core/issues/33940)
- Bump sshpk from 1.13.1 to 1.16.0 in /build - [#33966](https://github.com/owncloud/core/issues/33966)
- Bump stringstream from 0.0.5 to 0.0.6 in /build - [#33755](https://github.com/owncloud/core/issues/33755)
- Bump symfony 3.4.15 to 3.4.20 - [#33001](https://github.com/owncloud/core/issues/33001) [#33460](https://github.com/owncloud/core/issues/33460) [#33667](https://github.com/owncloud/core/issues/33667) [#33821](https://github.com/owncloud/core/issues/33821)
- Bump symfony/polyfill components v1.9.0 => v1.10.0 - [#33377](https://github.com/owncloud/core/issues/33377)
- Bump symfony/translation from 3.4.17 to 3.4.18 - [#33429](https://github.com/owncloud/core/issues/33429)
- Bump webmozart/assert (1.3.0 => 1.4.0) - [#34015](https://github.com/owncloud/core/issues/34015)
- Bump zendframework/zend-inputfilter from 2.8.2 to 2.9.0 - [#33920](https://github.com/owncloud/core/issues/33920)
- Patch bumps punic pear-core-minimal xdebug-handler - [#33830](https://github.com/owncloud/core/issues/33830)
- Update moment JS to 2.22.2 - [#33650](https://github.com/owncloud/core/issues/33650)

### Removed

- Deprecate Sharing 1.0 APIs which will be removed in ownCloud 11 - [#33220](https://github.com/owncloud/core/issues/33220)
- Remove core/l10n from release build - [#33960](https://github.com/owncloud/core/issues/33960)

### Fixed

- Fix missing translations in the user settings module - [#34234](https://github.com/owncloud/core/issues/34234) [#34261](https://github.com/owncloud/core/issues/34261)
- Skip preview expiry when owner cannot be determined - [#34207](https://github.com/owncloud/core/issues/34207)
- Allow the testing app to not be in the default apps folder - [#34196](https://github.com/owncloud/core/issues/34196)
- Integrity check now detects renamed files properly - [#34085](https://github.com/owncloud/core/issues/34085)
- Fix up grammar mistake in console output - [#33947](https://github.com/owncloud/core/issues/33947)
- Expand occ user reset password email validation - [#33945](https://github.com/owncloud/core/issues/33945)
- Return 403 instead of 500 status when uploading into share without write permissions - [#33640](https://github.com/owncloud/core/issues/33640)
- Fix performance issue when fetching versions: do not iterate over all storages when only first is needed - [#33859](https://github.com/owncloud/core/issues/33859)
- Config sample fixes - [#33870](https://github.com/owncloud/core/issues/33870) [#33954](https://github.com/owncloud/core/issues/33954) [#34020](https://github.com/owncloud/core/issues/34020)
- Correction to default apps folder in config.sample.php - [#33912](https://github.com/owncloud/core/issues/33912)
- Fix system tags object mapper for Oracle - [#33772](https://github.com/owncloud/core/issues/33772)
- Adjust last login time when using auth modules - [#33752](https://github.com/owncloud/core/issues/33752)
- Disable share autocomplete endpoint for members of groups excluded from sharing - [#33736](https://github.com/owncloud/core/issues/33736)
- Fix issues with expiration date validation in public link dialog - [#33735](https://github.com/owncloud/core/issues/33735)
- List compatible apps instead of missing ones in occ upgrade process - [#33730](https://github.com/owncloud/core/issues/33730)
- Add background job to clean up orphaned DAV properties - [#33722](https://github.com/owncloud/core/issues/33722)
- Fix paginated iteration when syncing users - [#33698](https://github.com/owncloud/core/issues/33698)
- Cannot set 0 as value for config through OCC command - [#33643](https://github.com/owncloud/core/issues/33643)
- Fix for some upgrade path that led to DAV tables missing bigint conversion - [#33603](https://github.com/owncloud/core/issues/33603)
- Fix checksum verify command verbose mode and path argument handling - [#33610](https://github.com/owncloud/core/issues/33610)
- Fix form to enter initial password to properly display error message - [#33453](https://github.com/owncloud/core/issues/33453)
- File cache corruption check now only reports storage id once - [#33539](https://github.com/owncloud/core/issues/33539)
- Fix escaping of public share names - [#33419](https://github.com/owncloud/core/issues/33419)
- Update config.sample.php to fix a broken link - [#33518](https://github.com/owncloud/core/issues/33518)
- Add "uid" argument to Symfony login events for consistency - [#33470](https://github.com/owncloud/core/issues/33470)
- Prevent deletion of calendar group shares during cleanup - [#33394](https://github.com/owncloud/core/issues/33394)
- Fix upload avatar for LDAP users - [#33369](https://github.com/owncloud/core/issues/33369)
- Fix double escaping in email subject - [#33342](https://github.com/owncloud/core/issues/33342)
- Add missing type hints in code - [#33314](https://github.com/owncloud/core/issues/33314)
- Increase versions list performance by ignoring shared storages - [#33291](https://github.com/owncloud/core/issues/33291)
- Fix PROPFIND with Depth infinity requests through Sabre update - [#28341](https://github.com/owncloud/core/issues/28341)
- Adjust "has never logged in" text in occ command - [#33275](https://github.com/owncloud/core/issues/33275)
- Don't remove temporary file on failure when creating office file preview - [#33234](https://github.com/owncloud/core/issues/33234)
- Warning log about oc_readonly storage wrapper is now logged in debug level - [#33212](https://github.com/owncloud/core/issues/33212)
- Fix occ encrypt-all command to not attempt re-encrypting already encrypted files - [#33206](https://github.com/owncloud/core/issues/33206)
- Register areCredentialsValid as a sensitive logging method - [#32713](https://github.com/owncloud/core/issues/32713)
- Deletion of user now also updates storages applicable fields - [#32906](https://github.com/owncloud/core/issues/32906)
- Blacklist the method "setPassword" in stack traces - [#33176](https://github.com/owncloud/core/issues/33176)
- Fix wording in occ command help - [#33179](https://github.com/owncloud/core/issues/33179)
- Fix preLogin hook parameter inconsistencies - [#33185](https://github.com/owncloud/core/issues/33185)

## 10.0.10 - 2018-09-18
### Added
- Store user name in oc_preferences when provided by backend, use in external storage save in session mode [#32587](https://github.com/owncloud/core/pull/32587)
- Support JSON format for settings passed to occ system:config:set - [#32524](https://github.com/owncloud/core/issues/32524)
- occ decrypt-all command can now read password from an environment variable - [#32252](https://github.com/owncloud/core/issues/32252) [#32677](https://github.com/owncloud/core/issues/32677)
- Roave Security Advisories as a development dependency - [#31818](https://github.com/owncloud/core/issues/31818)
- Store timestamp when ownCloud was first installed - [#32000](https://github.com/owncloud/core/issues/32000)
- Symfony events for login action with token or Apache - [#31985](https://github.com/owncloud/core/issues/31985)
- Search API for files using Webdav REPORT and underlying search provider - [#31946](https://github.com/owncloud/core/issues/31946) [#32328](https://github.com/owncloud/core/issues/32328) [#32603](https://github.com/owncloud/core/issues/32603)
- Add information whether user can share to capabilities API - [#31824](https://github.com/owncloud/core/issues/31824)
- Reload the filelist view when accepting or rejecting a share - [#31798](https://github.com/owncloud/core/issues/31798)
- Allow different language in public link share email - [#31767](https://github.com/owncloud/core/issues/31767)
- Command files:scan now outputs items per second - [#32093](https://github.com/owncloud/core/issues/32093)
- New option to prevent users to share with specific system groups - [#31740](https://github.com/owncloud/core/issues/31740) [#32533](https://github.com/owncloud/core/issues/32533) [#32501](https://github.com/owncloud/core/issues/32501) [#32707](https://github.com/owncloud/core/issues/32707)
- Hook "loadAdditionalScripts" now also available for public link page - [#31944](https://github.com/owncloud/core/issues/31944)
- Add url parameter to files app which opens a specific sidebar tab - [#32202](https://github.com/owncloud/core/issues/32202)
- Retry chunks in web UI on stalled or timed out uploads - [#32170](https://github.com/owncloud/core/issues/32170) [#32335](https://github.com/owncloud/core/issues/32335)
- Add log entry for each migration that is run - [#32461](https://github.com/owncloud/core/issues/32461)
- Ability to create users and send them an email for password creation - [#32466](https://github.com/owncloud/core/issues/32466)
- Command for resetting password now supports sending reset email and outputting link - [#32500](https://github.com/owncloud/core/issues/32500)
- Added Phan static code analyzer to improve code quality - [#32492](https://github.com/owncloud/core/issues/32492)
- Added method in PHP share API to set password hashes directly - [#32572](https://github.com/owncloud/core/issues/32572)
- Experimental support for asynchronous MOVE operations - [#32414](https://github.com/owncloud/core/issues/32414)
- Config report now contains list of all migrations that have run, for easier debugging of update issues - [configreport/#68](https://github.com/owncloud/configreport/pull/68)

### Changed
- Update CA bundle - 2018-06-20 - [#32688](https://github.com/owncloud/core/issues/32688)
- Minimum desktop client version is 2.3.3 - [#32657](https://github.com/owncloud/core/issues/32657)
- Handle SSL certificate verifications for others than Let's Encrypt - [#31858](https://github.com/owncloud/core/issues/31858)
- Insufficient storage exception now logged with "debug" log level - [#31978](https://github.com/owncloud/core/issues/31978)
- Skip filecache repair step for version greater than 10.0.4 - [#31803](https://github.com/owncloud/core/issues/31803)
- Bump sinon from 2.4.1 to 6.2.0 in /build - [#32319](https://github.com/owncloud/core/issues/32319) [#32662](https://github.com/owncloud/core/issues/32662)
- Bump karma from 2.0.2 to 3.0.0 in /build - [#31892](https://github.com/owncloud/core/issues/31892) [#32197](https://github.com/owncloud/core/issues/32197) [#32317](https://github.com/owncloud/core/issues/32317)
- Bump behat/behat from 3.4.3 to 3.5.0 - [#32318](https://github.com/owncloud/core/issues/32318)
- Bump paragonie/random_compat v2.0.15 to v2.0.17 - [#32107](https://github.com/owncloud/core/issues/32107)
- Bump symfony/event-dispatcher from 3.4.12 to 3.4.13 - [#32199](https://github.com/owncloud/core/issues/32199)
- Bump symfony/console from 3.4.12 to 3.4.13 - [#32140](https://github.com/owncloud/core/issues/32140)
- Bump symfony/routing from 3.4.12 to 3.4.13 - [#32137](https://github.com/owncloud/core/issues/32137)
- Bump symfony/process from 3.4.12 to 3.4.13 - [#32135](https://github.com/owncloud/core/issues/32135)
- Bump symfony/translation from 3.4.12 to 3.4.13 - [#32198](https://github.com/owncloud/core/issues/32198)
- Bump symfony polyfill 1.8.0 to 1.9.0 - [#32255](https://github.com/owncloud/core/issues/32255)
- Bump swiftmailer/swiftmailer from 5.4.9 to 5.4.10 - [#32200](https://github.com/owncloud/core/issues/32200)
- Minor dependency bumps 2018-08-26 - [#32439](https://github.com/owncloud/core/issues/32439)
- Bump symfony 3.4.11 to 3.4.12 - [#31912](https://github.com/owncloud/core/issues/31912)
- Bump symfony 3.4.15 and zend-stdlib 3.2.1 - [#32499](https://github.com/owncloud/core/issues/32499)
- Allow slashes in generated resource routes in app framework - [#31939](https://github.com/owncloud/core/issues/31939)
- Email field is now default in user management page, users receive an email with token to set initial password - [#32466](https://github.com/owncloud/core/issues/32466) [#32648](https://github.com/owncloud/core/issues/32648) [#32636](https://github.com/owncloud/core/issues/32636) [#32672](https://github.com/owncloud/core/pull/32672) [#32672](https://github.com/owncloud/core/issues/32672) [#32685](https://github.com/owncloud/core/issues/32685) [#32690](https://github.com/owncloud/core/issues/32690)
- Split of config.sample.php into two files for core and apps - [#32554](https://github.com/owncloud/core/issues/32554) [#32634](https://github.com/owncloud/core/issues/32634)

### Removed
### Fixed
- Fix PHP 7.2 issue with ini_set - [#32538](https://github.com/owncloud/core/issues/32538)
- Prevent logging LDAP password in case of failure - [#32592](https://github.com/owncloud/core/pull/32592)
- Prevent passwords to be set to empty strings - [#32581](https://github.com/owncloud/core/pull/32581)
- Fix update issue related to oc_jobs when automatically enabling market app to assist for update in OC 10 - [#32573](https://github.com/owncloud/core/pull/32573)
- Trigger missing migrations in files_sharing app, adds indices and can speed up some instances - [#32562](https://github.com/owncloud/core/issues/32562)
- Fix issue with spam filters when sending public link emails - [#32542](https://github.com/owncloud/core/issues/32542)
- Fix version previews to fall back to icon when no preview provider is available - [#32474](https://github.com/owncloud/core/issues/32474)
- Fix master key recreation - [#32504](https://github.com/owncloud/core/issues/32504)
- Return correct status when IMip email delivery fails - [#32489](https://github.com/owncloud/core/issues/32489)
- Fix typos in config.sample.php - [#32496](https://github.com/owncloud/core/issues/32496)
- Don't check for avatar folder if not enabled - [#32490](https://github.com/owncloud/core/issues/32490)
- Add missing ILogger declaration in MigrationService - [#32473](https://github.com/owncloud/core/issues/32473) [#32475](https://github.com/owncloud/core/issues/32475)
- Fix JS tests for future Sinon JS update - [#32488](https://github.com/owncloud/core/issues/32488)
- Command to verify checksums is now more robust - [#32360](https://github.com/owncloud/core/issues/32360)
- Fix not allowed to share message - [#32429](https://github.com/owncloud/core/issues/32429)
- Update php doc to reflect proper return type - [#32427](https://github.com/owncloud/core/issues/32427)
- Catch more errors in SMB storage - [#32416](https://github.com/owncloud/core/issues/32416)
- Don't crash on filescan where folder has symlink - [#32408](https://github.com/owncloud/core/issues/32408)
- Fix issue with some special characters in queries - [#32412](https://github.com/owncloud/core/issues/32412)
- Use the core exception logger functionality in cron.php - [#32404](https://github.com/owncloud/core/issues/32404)
- Compare UIDs instead of objects when changing displayname - [#32409](https://github.com/owncloud/core/issues/32409)
- Compare UIDs instead of objects when changing email address - [#32391](https://github.com/owncloud/core/issues/32391)
- Improve performance when propagating size updates in file cache - [#32304](https://github.com/owncloud/core/issues/32304)
- Prevent current chunk assembly failing by setting the exclusive file lock earlier - [#32334](https://github.com/owncloud/core/issues/32334)
- Don't strip linebreaks in personal note of public link share - [#32331](https://github.com/owncloud/core/issues/32331)
- Let files be overwritten by rename operations on local storage instead of pre-deleting - [#32273](https://github.com/owncloud/core/issues/32273)
- Continue with upgrade even if the market app cannot be disabled - [#32324](https://github.com/owncloud/core/issues/32324)
- Versions app now works also when comments app is disabled - [#32208](https://github.com/owncloud/core/issues/32208)
- Fix two factor challenge page for when password has expired - [#32058](https://github.com/owncloud/core/issues/32058)
- Scanner now properly resets checksum whenever a file has changed remotely - [#32284](https://github.com/owncloud/core/issues/32284)
- Fix checksums not being updated on modifying shared file for objectstore - [#32364](https://github.com/owncloud/core/issues/32364)
- Accept email addresses with subdomains with hyphens for public link emails - [#32281](https://github.com/owncloud/core/issues/32281)
- Properly set installed_version flag when enabling app via provisioning api - [#32214](https://github.com/owncloud/core/issues/32214)
- Fix API response of pending shares when the state did not change - [#32156](https://github.com/owncloud/core/issues/32156)
- Read mtime from both JS properties in web UI upload for browser compatibility - [#32013](https://github.com/owncloud/core/issues/32013)
- Fix warning in logs while moving FutureFile after chunk assembly - [#32166](https://github.com/owncloud/core/issues/32166)
- Allow null in "Origin" header for third party clients that send it with WebDAV - [#32189](https://github.com/owncloud/core/issues/32189)
- Fix calendar or reminder insertion error via CalDAV on MacOS - [#32024](https://github.com/owncloud/core/issues/32024)
- Properly log failed message when token based authentication is enforced - [#31948](https://github.com/owncloud/core/issues/31948)
- Prevent share access to birthday calendar - [#31882](https://github.com/owncloud/core/issues/31882)
- Added space in display names of shared calendar/contact - [#31877](https://github.com/owncloud/core/issues/31877)
- Deleting a user now also properly deletes their external storages and storage assignations - [#32069](https://github.com/owncloud/core/issues/32069)
- Improve text about logging in config.sample.php - [#32049](https://github.com/owncloud/core/issues/32049)
- Use OC_DEFAULT_MODULE constant for encryption in core - [#31838](https://github.com/owncloud/core/issues/31838)
- Unset encrypted flag in file cache when running decrypt-all command - [#32027](https://github.com/owncloud/core/issues/32027)
- Fix decrypt of single user in decrypt-all command - [#32168](https://github.com/owncloud/core/issues/32168)
- Fix login exception in decrypt-all command - [#31986](https://github.com/owncloud/core/issues/31986)
- Properly clean up encryption keys after file deletion - [#31959](https://github.com/owncloud/core/issues/31959)
- Remove sensitive shared_secret data from occ config:list output - [#31997](https://github.com/owncloud/core/issues/31997)
- Fix file cache update function to properly handle empty string and nulls with Oracle - [#31996](https://github.com/owncloud/core/issues/31996)
- Fix bogus etag update when propagating etag for federated shares - [#31992](https://github.com/owncloud/core/issues/31992)
- Display all failed recipients when sending link share email - [#31935](https://github.com/owncloud/core/issues/31935) [#32633](https://github.com/owncloud/core/issues/32633)
- Lock public link share dialog while processing - [#31928](https://github.com/owncloud/core/issues/31928)
- AppManager text typo and PHPdoc return tags - [#31918](https://github.com/owncloud/core/issues/31918)
- Optimize file uploads with PUT method, with custom mtime, use storage instead of view - [#31891](https://github.com/owncloud/core/issues/31891)
- Optimize file uploads with PUT, don't fetch and update checksum again, reuse the one from part file - [#31768](https://github.com/owncloud/core/issues/31768)
- Do not throw an error when the same theme is enabled twice - [#31783](https://github.com/owncloud/core/issues/31783)
- Fix repair step that removes duplicate sub shares - [#31146](https://github.com/owncloud/core/issues/31146)
- Adjust code to follow coding standard - [#32116](https://github.com/owncloud/core/issues/32116)
- Fix overriding for gif images in themes for CLI scripts - [#32131](https://github.com/owncloud/core/issues/32131)
- Fix wording on password change page - [#32146](https://github.com/owncloud/core/issues/32146)
- Fixed mount config in frontend to only load once to avoid side effects - [#32095](https://github.com/owncloud/core/issues/32095)
- Don't urlencode group id to make it work with "/" and "%" - [#31109](https://github.com/owncloud/core/issues/31109)

## 10.0.9 - 2018-07-17
### Added
- Added account module middleware to be able to plug in logic after authentication - [#31883](https://github.com/owncloud/core/issues/31883) [#31933](https://github.com/owncloud/core/issues/31933)
- occ user:list now takes a list of attributes to display - [#31115](https://github.com/owncloud/core/issues/31115)
- Added Symfony events for user preference changes - [#31266](https://github.com/owncloud/core/issues/31266)
- Added Symfony events for public links shared by email - [#31632](https://github.com/owncloud/core/issues/31632)
- Added Symfony events for accept and reject for local shares - [#31702](https://github.com/owncloud/core/issues/31702)
- Added support for Imprint and Privacy Policy URLs in web UI and email footers - [#31666](https://github.com/owncloud/core/issues/31666) [#31699](https://github.com/owncloud/core/issues/31699) [#31730](https://github.com/owncloud/core/issues/31730) [#31766](https://github.com/owncloud/core/pull/31766)
- Added HTML template for lost password email - [#31144](https://github.com/owncloud/core/issues/31144)
- Received local shares can now trigger a notification to accept or reject them, also visible in "Shared with you" section - [#31613](https://github.com/owncloud/core/issues/31613) [#31886](https://github.com/owncloud/core/issues/31886)
- Rejected shares can now be accepted again in the "Shared with you" section - [#31613](https://github.com/owncloud/core/issues/31613)
- Provide original exception via logging events - [#31623](https://github.com/owncloud/core/issues/31623)
- Share autocomplete now displays useful tooltip when typing less characters - [#31729](https://github.com/owncloud/core/issues/31729)
- Added public Webdav API for versions using a new "meta" DAV endpoint - [#31729](https://github.com/owncloud/core/pull/29207) [#29637](https://github.com/owncloud/core/pull/29637) [#31805](https://github.com/owncloud/core/issues/31805) [#31801](https://github.com/owncloud/core/issues/31801)
- Added support for retrieving file previews using Webdav endpoint - [#29319](https://github.com/owncloud/core/pull/29319) [#30192](https://github.com/owncloud/core/pull/30192) [#31748](https://github.com/owncloud/core/issues/31748) [#31788](https://github.com/owncloud/core/issues/31788) [#31862](https://github.com/owncloud/core/issues/31862) [#31865](https://github.com/owncloud/core/issues/31865)
- Added versioning support for primary object store - [#29607](https://github.com/owncloud/core/pull/29607) [#31285](https://github.com/owncloud/core/pull/31285) [#31595](https://github.com/owncloud/core/pull/31595)

### Changed
- Updated ca-bundle.crt - [#31734](https://github.com/owncloud/core/issues/31734)
- Bump symfony to 3.4.8 and other pending minor bumps - [#31221](https://github.com/owncloud/core/issues/31221)
- Bump karma from 2.0.0 to 2.0.2 in /build - [#31253](https://github.com/owncloud/core/issues/31253)
- Bump karma-jasmine from 1.1.1 to 1.1.2 in /build - [#31378](https://github.com/owncloud/core/issues/31378)
- Bump karma-coverage from 1.1.1 to 1.1.2 in /build - [#31380](https://github.com/owncloud/core/issues/31380)
- Bump zendframework/zend-inputfilter from 2.8.1 to 2.8.2 - [#31431](https://github.com/owncloud/core/issues/31431)
- Bump icewind/smb from 1.1.0 to 3.0.0 in /apps/files_external/3rdparty - [#31521](https://github.com/owncloud/core/issues/31521)
- Bump symfony 3.4.9 to 3.4.11 - [#31571](https://github.com/owncloud/core/issues/31571)
- Update jsdoc requirement to ~3.5.5 - [#30036](https://github.com/owncloud/core/issues/30036)
- Removed example theme which now lives in the [theme-example repository](https://github.com/owncloud/theme-example) - [#31447](https://github.com/owncloud/core/issues/31447)
- A user who is a member of multiple groups is now excluded from sharing if at least one of their group is configured for exclusion - [#31737](https://github.com/owncloud/core/issues/31737) [#31822](https://github.com/owncloud/core/issues/31822)
- Changed back default minimum search characters to 2 for share autocomplete due to confusion - [#31729](https://github.com/owncloud/core/issues/31729)
- Files app UI now uses new versions API through the "meta" DAV endpoint - [#29607](https://github.com/owncloud/core/pull/29607)

### Removed
- Removed old private ajax API for previews, deprecated by DAV endpoint support - [#30254](https://github.com/owncloud/core/pull/30254)
- Bookmarks certificate was removed - [#31878](https://github.com/owncloud/core/issues/31878)

### Fixed
- Adjustments for the notifications messages of the sharing apps - [#31947](https://github.com/owncloud/core/issues/31947)
- Disable jquery globalEval - [#31972](https://github.com/owncloud/core/issues/31972)
- Work around Edge browser memory leak in web UI chunked upload - [#31884](https://github.com/owncloud/core/issues/31884)
- Don't fail if ISqlMigration doesn't return anything - [#31779](https://github.com/owncloud/core/issues/31779)
- Fixed restoring of versions for single file shares - [#31681](https://github.com/owncloud/core/issues/31681)
- Group admins are not able to create groups any more using provisioning API - [#31738](https://github.com/owncloud/core/issues/31738)
- Fix Oracle for queries using ILIKE operator - [#31466](https://github.com/owncloud/core/issues/31466)
- Improve user-sync command help description - [#31691](https://github.com/owncloud/core/issues/31691)
- Fix deletion and restoration of files in trashbin in some partial selection scenarios - [#31700](https://github.com/owncloud/core/issues/31700)
- Do not load the code of disabled theme apps - [#31478](https://github.com/owncloud/core/issues/31478)
- Fix encrypt-all and decrypt-all commands to keep shares when encrypting - [#31600](https://github.com/owncloud/core/issues/31600) [#31590](https://github.com/owncloud/core/issues/31590)
- Proceed with encrypt-all command by enabling user-keys if no mode is selected by user - [#31612](https://github.com/owncloud/core/issues/31612)
- Validate maximum length of a username - [#31664](https://github.com/owncloud/core/issues/31664)
- Save timezone as given during login - [#31493](https://github.com/owncloud/core/issues/31493)
- Fix checksum computation to not apply on read-write streams to avoid potential mismatch results - [#31619](https://github.com/owncloud/core/issues/31619)
- Exclude uploads directory from read-only cache mask, fixes guest app chunked uploads - [#31596](https://github.com/owncloud/core/issues/31596)
- Properly normalize paths for event, no &$magic needed - [#31689](https://github.com/owncloud/core/issues/31689)
- Use the correct user id in login related Symfony events - [#31605](https://github.com/owncloud/core/issues/31605)
- Fix public link dialog issue when collaborative tags app is disabled - [#31581](https://github.com/owncloud/core/issues/31581)
- Fix updating public link share in transfer ownership command - [#31176](https://github.com/owncloud/core/issues/31176) [#31953](https://github.com/owncloud/core/issues/31953)
- Do not set the password again if it hasn't changed - [#31370](https://github.com/owncloud/core/issues/31370)
- Use correct l10n to translate 'password was changed' email - [#31553](https://github.com/owncloud/core/issues/31553)
- Improve text in settings/personal App Password - [#31539](https://github.com/owncloud/core/issues/31539)
- Fix default language code example - [#31448](https://github.com/owncloud/core/issues/31448)
- Fix double slash in versioning file copy events - [#31452](https://github.com/owncloud/core/issues/31452)
- Split public password enforced capabilities based on a config - [#31499](https://github.com/owncloud/core/issues/31499)
- Fix bogus exceptions related to missing DAV nodes after deletion - [#31479](https://github.com/owncloud/core/issues/31479)
- Fix enabling of users by group admins in the web UI - [#31489](https://github.com/owncloud/core/issues/31489)
- Fix AccountMapper to return an object or throw an exception - [#31445](https://github.com/owncloud/core/issues/31445)
- Proper handling of exceptions in UserManager - [#31446](https://github.com/owncloud/core/issues/31446)
- Properly cache non-existing user in UserManager - [#31446](https://github.com/owncloud/core/issues/31446)
- Update verify checksums console output to flow more naturally - [#31449](https://github.com/owncloud/core/issues/31449)
- Subadmin shouldn't be able to add users to their groups via API - [#31337](https://github.com/owncloud/core/issues/31337)
- Catch duplicate inserts in token table - [#31460](https://github.com/owncloud/core/pull/31460) [#31794](https://github.com/owncloud/core/issues/31794) [#32041](https://github.com/owncloud/core/pull/32041)
- Fix overflowing public share names in the share panel - [#31369](https://github.com/owncloud/core/issues/31369)
- Fix occ user:sync to sync quota from preferences after upgrade if backend provided no quota - [#31360](https://github.com/owncloud/core/issues/31360)
- Fix for Redis dev editions - [#31282](https://github.com/owncloud/core/issues/31282)
- Fix mail debug message recipient field - [#31227](https://github.com/owncloud/core/issues/31227)
- Prevent infinite loop in case of error in "log" event handler - [#31247](https://github.com/owncloud/core/issues/31247)
- Fix HTTP status code when uploading virus-infected files - [#31260](https://github.com/owncloud/core/issues/31260)
- Add back robots.txt in the release - [#31248](https://github.com/owncloud/core/issues/31248)

## 10.0.8 - 2018-04-27
### Added
- Added option for user:sync to reenable formerly disabled users - [#31124](https://github.com/owncloud/core/pull/31124)
- Ability to log extra JSON fields - [#31121](https://github.com/owncloud/core/issues/31121)
- Trigger event when logging - [#31121](https://github.com/owncloud/core/issues/31121)
- Added command to verify and fix checksums - [#31008](https://github.com/owncloud/core/pull/31008)
- Introduce seen and single user sync command line features - [#31025](https://github.com/owncloud/core/issues/31025) [#31032](https://github.com/owncloud/core/issues/31032)
- Added config setting to specify minimum characters for sharing autocomplete - [#30994](https://github.com/owncloud/core/issues/30994) [#31067](https://github.com/owncloud/core/issues/31067) [#31160](https://github.com/owncloud/core/pull/31160)
- Added personal note field for link share email - [#30486](https://github.com/owncloud/core/issues/30486) [#30571](https://github.com/owncloud/core/issues/30571) [#30813](https://github.com/owncloud/core/issues/30813) [#31057](https://github.com/owncloud/core/issues/31057) [#31201](https://github.com/owncloud/core/pull/31201) [#31212](https://github.com/owncloud/core/pull/31212)
- Add conditional Logging target logfile for shared_secret and users - [#30443](https://github.com/owncloud/core/issues/30443)
- Add option to disable link share password enforcement for write-only shares - [#30408](https://github.com/owncloud/core/issues/30408) [#30774](https://github.com/owncloud/core/issues/30774) [#30787](https://github.com/owncloud/core/issues/30787)
- Add Webdav-Location header in private link redirect - [#30387](https://github.com/owncloud/core/issues/30387) [#30595](https://github.com/owncloud/core/issues/30595)
- Make syslog output configurable, introduce new default that includes the request id - [#30346](https://github.com/owncloud/core/issues/30346)
- Added "uid" parameter to "validatePassword" events - [#30334](https://github.com/owncloud/core/issues/30334)
- Added new API event for zip file download - [#30067](https://github.com/owncloud/core/issues/30067)
- Added new API event for public link creation - [#30067](https://github.com/owncloud/core/issues/30067)
- Added log entry when the "data-fingerprint" command was run - [#30281](https://github.com/owncloud/core/issues/30281)
- Added "heic" and "heif" as image mime types for thumbnails - [#30108](https://github.com/owncloud/core/issues/30108)
- Added new API events for commenting actions - [#30142](https://github.com/owncloud/core/issues/30142)
- Added "register notifier" event for use with the notification emails feature - [#30613](https://github.com/owncloud/core/issues/30613)
- Added group option to files:scan command - [#30615](https://github.com/owncloud/core/issues/30615)
- Added warning if no files to process in occ files:transfer-ownership command - [#30612](https://github.com/owncloud/core/issues/30612)
- Added user:modify command to core - [#30652](https://github.com/owncloud/core/issues/30652)
- Added config switch to enable fallback to http scheme when creating fed shares - [#30646](https://github.com/owncloud/core/issues/30646) [#31196](https://github.com/owncloud/core/issues/31196)
- Added repair step for orphaned sub-shares - [#30695](https://github.com/owncloud/core/issues/30695)
- Added repair step to fix orphaned reshares - [#31004](https://github.com/owncloud/core/issues/31004)
- Added Symfony events for configuration changes (config.php and appconfig) - [#30788](https://github.com/owncloud/core/issues/30788) [#30937](https://github.com/owncloud/core/issues/30937) [#31107](https://github.com/owncloud/core/issues/31107)
- Added Symfony event to let apps resolve private links - [#30911](https://github.com/owncloud/core/issues/30911)
- Added Symfony events for delete and create share - [#31026](https://github.com/owncloud/core/issues/31026)
- Added Symfony events for updating share attributes (expiration, password, name) - [#31120](https://github.com/owncloud/core/issues/31120)
- Added Symfony events for group membership events - [#31003](https://github.com/owncloud/core/issues/31003)
- Added Symfony events for feature change in group admin - [#31132](https://github.com/owncloud/core/issues/31132)
- Added config.php option to select apps to ignore missing signature file (mostly for themes) - [#30891](https://github.com/owncloud/core/issues/30891) [#31066](https://github.com/owncloud/core/issues/31066)
- Added ability for full-page frontend-only apps in info.xml - [#30918](https://github.com/owncloud/core/issues/30918)
- More user-friendly email address input and handling in link share dialog - [#30945](https://github.com/owncloud/core/issues/30945) [#31142](https://github.com/owncloud/core/issues/31142)

### Changed
- Set minimum php version to 5.6 in composer.json - [#31100](https://github.com/owncloud/core/issues/31100)
- Bump PHP to 5.6.33 in composer - [#30403](https://github.com/owncloud/core/issues/30403)
- Bump phpseclib/phpseclib from 2.0.3 to 2.0.10 - [#30052](https://github.com/owncloud/core/issues/30052) [#30537](https://github.com/owncloud/core/issues/30537)
- Bump phpunit and symfony/translation to match master - [#30410](https://github.com/owncloud/core/issues/30410)
- Bump guzzlehttp/guzzle from 5.3.1 to 5.3.2 - [#30217](https://github.com/owncloud/core/issues/30217)
- Bump lukasreschke/id3parser from 0.0.1 to 0.0.3 - [#30085](https://github.com/owncloud/core/issues/30085)
- Bump symfony to 3.4.5 - [#30689](https://github.com/owncloud/core/issues/30689)
- Bump symfony/translation from 3.2.4 to 3.3.16 - [#30380](https://github.com/owncloud/core/issues/30380)
- Bump latest symfony and sabre/vobject point versions - [#30266](https://github.com/owncloud/core/issues/30266)
- Bump karma from 1.5.0 to 2.0.0 in /build - [#30050](https://github.com/owncloud/core/issues/30050)
- Bump punic/punic from 1.6.5 to 3.1.0 - [#30550](https://github.com/owncloud/core/issues/30550)
- Bump symfony to 3.4.6 and Sabre vobject to 4.1.5 - [#30768](https://github.com/owncloud/core/issues/30768)
- Bump sabre/http from 4.2.3 to v4.2.4 - [#30599](https://github.com/owncloud/core/issues/30599)
- Bump jakub-onderka/php-parallel-lint from 0.9.2 to 1.0.0 - [#30626](https://github.com/owncloud/core/issues/30626)
- Bump behat/mink-extension from 2.3.0 to 2.3.1 - [#30706](https://github.com/owncloud/core/issues/30706)
- Bump league/flysystem from 1.0.42 to 1.0.43 - [#30704](https://github.com/owncloud/core/issues/30704)
- Update composer in stable10 with versions as at 2018-02-07 - [#30390](https://github.com/owncloud/core/issues/30390)
- Renamed SMB logging config.php settings from "wnd" to "smb" - [#30244](https://github.com/owncloud/core/issues/30244)
- Improved error messages in user:delete command - [#30164](https://github.com/owncloud/core/issues/30164)
- Validate email address in mail settings section - [#30315](https://github.com/owncloud/core/issues/30315)
- Only decrypt users who have already logged in with decrypt-all occ command - [#30640](https://github.com/owncloud/core/issues/30640)
- Replace usage of "create_function" in PHP - [#30714](https://github.com/owncloud/core/issues/30714)
- Provisioning API can now properly set default or zero quota - [#30755](https://github.com/owncloud/core/issues/30755)
- User quota setting can be queried through provisioning API - [#30850](https://github.com/owncloud/core/issues/30850)

### Removed
- Removed private oc_current_user Javascript variable - [#30486](https://github.com/owncloud/core/issues/30486) [#30556](https://github.com/owncloud/core/issues/30556)
- Remove app store config values from config.sample.php - [#30422](https://github.com/owncloud/core/issues/30422)
- Remove documentation of the theme option in config.sample.php - [#30350](https://github.com/owncloud/core/issues/30350)
- Remove unused config.sample.php parameters - [#30933](https://github.com/owncloud/core/issues/30933) [#30812](https://github.com/owncloud/core/issues/30812)
- Remove "Unlimited" word from quota report in personal page - [#31041](https://github.com/owncloud/core/issues/31041)

### Fixes
- Prevent background scan to scan homes of users who never logged in - [#31189](https://github.com/owncloud/core/issues/31189)
- Properly align three button dialogs - [#31147](https://github.com/owncloud/core/issues/31147)
- Many documentation improvements in config.sample.php - [#31114](https://github.com/owncloud/core/issues/31114) [#31127](https://github.com/owncloud/core/issues/31127) [#31128](https://github.com/owncloud/core/issues/31128) [#31068](https://github.com/owncloud/core/issues/31068) [#31173](https://github.com/owncloud/core/issues/31173) [#31182](https://github.com/owncloud/core/pull/31182)
- Fix some documentation paths in config.sample.php - [#30431](https://github.com/owncloud/core/issues/30431)
- Fix App Framework ApiContoller initialization to fix thumbnail access - [#31104](https://github.com/owncloud/core/issues/31104) [#31183](https://github.com/owncloud/core/pull/31183)
- Check apache auth on login form - [#31074](https://github.com/owncloud/core/issues/31074)
- Check basic auth credentials periodically after a timeout instead of 窶ヲ - [#31076](https://github.com/owncloud/core/issues/31076)
- Email autocomplete in link share dialog will not return local/federated users any more, only contacts - [#30998](https://github.com/owncloud/core/issues/30998)
- Fix settings page where elements are inline when they shouldn't - [#30988](https://github.com/owncloud/core/issues/30988)
- Do not log errors when uploading forbidden file format - [#30991](https://github.com/owncloud/core/issues/30991)
- Fix upload issue by replacing emittingCall with separate before and after events - [#30986](https://github.com/owncloud/core/issues/30986)
- Fix Symfony event emittingCall by adding return - [#31045](https://github.com/owncloud/core/issues/31045)
- Properly trigger file-related Symfony events when chunking - [#31087](https://github.com/owncloud/core/issues/31087)
- Remove unsupported "enable for groups" field for theme apps - [#30948](https://github.com/owncloud/core/issues/30948)
- Added OneNote 2016 user agent string to make it work with Webdav - [#30965](https://github.com/owncloud/core/issues/30965)
- Refactored metadata sync code to unify behavior across all login methods - [#30638](https://github.com/owncloud/core/issues/30638)
- Mask "marketplace.key" in config list as it is sensitive - [#30917](https://github.com/owncloud/core/issues/30917)
- Polish totp middleware a little - [#30849](https://github.com/owncloud/core/issues/30849)
- Set empty authtoken names to 'none' as empty is not allowed any more - [#30908](https://github.com/owncloud/core/issues/30908)
- Fix CORS OPTIONS request for unauthenticated requests - [#30912](https://github.com/owncloud/core/issues/30912)
- Treat any unknown app version as 0.0.1 - [#30890](https://github.com/owncloud/core/issues/30890)
- Ignore multiple slashes in http path - [#30854](https://github.com/owncloud/core/issues/30854)
- Initialize root folder service later to fix user backend registration order issue - [#30810](https://github.com/owncloud/core/issues/30810)
- Remove implicit login in base.php to remove bogus "Login failed" logs - [#30814](https://github.com/owncloud/core/issues/30814)
- Use storage specific move operation for object store - [#30817](https://github.com/owncloud/core/issues/30817)
- Fix webUI display of group containing numeric username - [#30811](https://github.com/owncloud/core/issues/30811)
- Fix calendar changes limit - [#30816](https://github.com/owncloud/core/issues/30816)
- Properly use error exit code for unsupported PHP version - [#30780](https://github.com/owncloud/core/issues/30780)
- Unbrand Personal security sessions message - [#30754](https://github.com/owncloud/core/issues/30754)
- Propagate move exception messages to the frontend - [#30791](https://github.com/owncloud/core/issues/30791)
- Fix chunk size comparison for big values on 32-bit systems - [#30772](https://github.com/owncloud/core/issues/30772)
- Make error origin more distinguishable in some filesystem code paths - [#30682](https://github.com/owncloud/core/issues/30682)
- Don't send emails when importing calendar/events - [#30666](https://github.com/owncloud/core/issues/30666)
- Adding a system configuration for global CORS domains - [#30906](https://github.com/owncloud/core/issues/30906)
- Better label for CORS in settings section - [#30663](https://github.com/owncloud/core/issues/30663)
- Allow regular users to change their CORS domains - [#30649](https://github.com/owncloud/core/issues/30649)
- Catch session unavailable exception - [#30347](https://github.com/owncloud/core/issues/30347) [#30623](https://github.com/owncloud/core/issues/30623)
- Proper HTTP status code on login exception - [#30639](https://github.com/owncloud/core/issues/30639)
- Fix file mtime issue on 32-bit systems - [#30546](https://github.com/owncloud/core/issues/30546)
- Fixing logout for app password scenario - [#30591](https://github.com/owncloud/core/issues/30591)
- Fix wording if you are not a member of any groups - [#30558](https://github.com/owncloud/core/issues/30558)
- Fix for error when querying non present log_secret - [#30470](https://github.com/owncloud/core/issues/30470)
- Properly create a session for a pure token based request, fixed oauth2 issues - [#30542](https://github.com/owncloud/core/issues/30542)
- Free resources in preview providers - [#30533](https://github.com/owncloud/core/issues/30533)
- Continue in case of rare error in files:scan repair command - [#30494](https://github.com/owncloud/core/issues/30494) [#30618](https://github.com/owncloud/core/issues/30618) [#30959](https://github.com/owncloud/core/issues/30959)
- Make theming work when theme app is outside the ownCloud root - [#30477](https://github.com/owncloud/core/issues/30477)
- Don't try decrypting federated shares in decrypt-all command - [#30155](https://github.com/owncloud/core/issues/30155)
- Keep null in getMetaData in Checksum storage wrapper, fixes some files:scan scenarios - [#30302](https://github.com/owncloud/core/issues/30302)
- Modals dialogs can now scroll, improves link share dialog UX - [#30424](https://github.com/owncloud/core/issues/30424)
- Adjust link share wording and fix translations - [#31036](https://github.com/owncloud/core/issues/31036)
- Fix failure of shares which are already moved with transfer ownership - [#30161](https://github.com/owncloud/core/issues/30161)
- Return 403 instead of 503 to resume syncing of desktop client - [#30353](https://github.com/owncloud/core/issues/30353)
- Guide users to also check spelling for typos in federated share id - [#30355](https://github.com/owncloud/core/issues/30355)
- Fixed issue with number of hidden files not updating on renaming a file - [#30359](https://github.com/owncloud/core/issues/30359)
- Fix deleted items auto expiration for users with no quota - [#30163](https://github.com/owncloud/core/issues/30163)
- Fix validation for new encryption storage key location - [#30357](https://github.com/owncloud/core/issues/30357)
- Fix some CSRF issues on Webdav endpoint by only checking for POST method - [#30358](https://github.com/owncloud/core/issues/30358)
- Prevent share icon from shrinking with long texts - [#31163](https://github.com/owncloud/core/pull/31163)
- Fixed regression where a user could not set own email address in the settings page - [#30319](https://github.com/owncloud/core/issues/30319)
- Fix caldav and carddav syncing when dealing with lots of data - [#30252](https://github.com/owncloud/core/issues/30252)
- Don't restrain width of icon-logo - [#30282](https://github.com/owncloud/core/issues/30282)
- Check trashbin permissions before moving to trash, fixes deletion as guest user - [#30240](https://github.com/owncloud/core/issues/30240)
- Handle no read access to skeleton - [#30241](https://github.com/owncloud/core/issues/30241)
- Fix file name escaping in error messages in web UI related to file operations - [#30193](https://github.com/owncloud/core/issues/30193)
- Proper error message when trying to add user to a group they are already member of in web UI - [#30194](https://github.com/owncloud/core/issues/30194)
- Show new basename and extension while waiting for rename operation to finish in web UI - [#30040](https://github.com/owncloud/core/issues/30040)
- Fix app author parsing in apps page - [#30043](https://github.com/owncloud/core/issues/30043)
- Validate system path data used in findBinaryPath - [#30061](https://github.com/owncloud/core/issues/30061)
- Fix deletion of group with special characters in web UI - [#30111](https://github.com/owncloud/core/issues/30111)
- Fix missing preview in file upload conflict window - [#30125](https://github.com/owncloud/core/issues/30125)
- Fix files endpoint bug when downloading vCard - [#30149](https://github.com/owncloud/core/issues/30149)
- Properly filter link share email parameters - [#30165](https://github.com/owncloud/core/issues/30165)
- Filter sender display name in mail notification handler - [#31056](https://github.com/owncloud/core/issues/31056)
- Filter file name when sending internal mail - [#31046](https://github.com/owncloud/core/issues/31046)
- Convert null to empty string for Oracle in file cache accessor - [#30224](https://github.com/owncloud/core/issues/30224)
- Use LargeFileHelper to calculate log file size - fixes #30227 - [#30234](https://github.com/owncloud/core/issues/30234)

## 10.0.7 - 2018-01-19
### Fixed
- Fix various issues about null user errors - [#30450](https://github.com/owncloud/core/issues/30450)
- Solve OAuth token expiry issue - [#30481](https://github.com/owncloud/core/issues/30481)
- Fixed issues related to app passwords and account lock-outs - [#30363](https://github.com/owncloud/core/issues/30363)

## 10.0.6 - 2018-01-29
### Fixed
- Fix missing build dependency for L18N - [#30265](https://github.com/owncloud/core/pull/30265)

## 10.0.5 - 2018-01-23
### Added
- Add php-intl as hard requirement - [#29539](https://github.com/owncloud/core/issues/29539)
- Optionally show server hostname in status.php - [#29471](https://github.com/owncloud/core/issues/29471)
- Add link for logfiles docs in exception page and simplify text - [#29674](https://github.com/owncloud/core/issues/29674)
- Link to trusted domains docs in error message - [#29730](https://github.com/owncloud/core/issues/29730)
- Add indices on share table - [#29883](https://github.com/owncloud/core/issues/29883) [#29592](https://github.com/owncloud/core/issues/29592)
- Add dispatcher event for "unshare from self" action - [#29851](https://github.com/owncloud/core/issues/29851)
- Technology preview for PHP 7.2 support - [#29878](https://github.com/owncloud/core/issues/29878)
- Added public hooks for file operations using Symfony Event Dispatcher - [#29939](https://github.com/owncloud/core/issues/29939)
- Expose getAppPath() and getAppWebPath() on the AppManager service [#30041](https://github.com/owncloud/core/pull/30041) [#30150](https://github.com/owncloud/core/pull/30150)
- Add warning in settings page when running in debug mode - [#29936](https://github.com/owncloud/core/issues/29936)

### Changed
- Switch Webdav URL in field in navigation panel to the new endpoint - [#29766](https://github.com/owncloud/core/issues/29766)
- Require a minimum of 1 character for the application password name - [#29831](https://github.com/owncloud/core/issues/29831)
- Only allow a single active theme app with no magic fallbacks to inactive app themes  - [#29854](https://github.com/owncloud/core/issues/29854)
- Config report now hides email address from email config - [#29949](https://github.com/owncloud/core/issues/29949)
- Change "remote" to "federated" suffix in sharing autocomplete dialog. - [#30046](https://github.com/owncloud/core/issues/30046) [#30171](https://github.com/owncloud/core/issues/30171)

### Removed
- Removed old Dropbox storage backend, people should use the [files_external_dropbox app](https://github.com/owncloud/files_external_dropbox/) instead - [#29135](https://github.com/owncloud/core/issues/29135)
- Revoke tasks.crt - [#29882](https://github.com/owncloud/core/issues/29882)
- Remove unused composer dependency on natxet/CssMin - [#29930](https://github.com/owncloud/core/issues/29930)

### Fixed
- Fix Dropbox / GDrive oauth handshake handling - [#30071](https://github.com/owncloud/core/pull/30071)
- Redisplay login page on CSRF error - [#30035](https://github.com/owncloud/core/issues/30035)
- Do not reset display name to uid on sso login - [#30038](https://github.com/owncloud/core/issues/30038)
- Do not automatically disable apps of certain types - [#29870](https://github.com/owncloud/core/issues/29870)
- Fix provisioning API when dealing with group name "0" - [#30004](https://github.com/owncloud/core/issues/30004)
- Tweak occ command help output - [#29959](https://github.com/owncloud/core/issues/29959)
- Now using upsert instead of insertIfNotExists for file cache updates, fixes concurrency issues - [#29934](https://github.com/owncloud/core/issues/29934)
- Only set CORS headers on Webdav endpoint when Origin header is specified - [#29874](https://github.com/owncloud/core/issues/29874)
- Ignore broken/dead symlinks on filescan - [#28959](https://github.com/owncloud/core/issues/28959)
- Improve performance by caching non-existing accounts - [#29866](https://github.com/owncloud/core/issues/29866)
- Fix template location order by searching the enabled theme app first - [#29867](https://github.com/owncloud/core/issues/29867)
- Actually log message instead of {$message} - [#29844](https://github.com/owncloud/core/issues/29844)
- Improved performance on new DAV endpoint by skipping querying parent nodes - [#29834](https://github.com/owncloud/core/issues/29834)
- Adjust error message about PHP compatibility to say PHP X.X like previous line. - [#29828](https://github.com/owncloud/core/issues/29828)
- Raise more useful message when constructor are not resolvable - [#29760](https://github.com/owncloud/core/issues/29760)
- Fix wording for versions expiration occ command - [#29671](https://github.com/owncloud/core/issues/29671)
- Handle invalid or missing external storage backend to keep mount point visible - [#29562](https://github.com/owncloud/core/issues/29562)
- Fix integrity check when owncloud is not installed - [#29692](https://github.com/owncloud/core/issues/29692)
- Fix issues about unsharing with some scenarios after moving the share - [#29716](https://github.com/owncloud/core/issues/29716)
- Allow group 0 to be created by provisioning API - [#29734](https://github.com/owncloud/core/issues/29734)
- Do not reset quota if it was not provided - [#29673](https://github.com/owncloud/core/issues/29673)
- Improve quota value validation - check size only if size key is set - [#29743](https://github.com/owncloud/core/issues/29743)
- Code cleanup - [#29799](https://github.com/owncloud/core/issues/29799)

## 10.0.4 - 2017-12-06
### Added
- Added support for eml mimetype - [#29204](https://github.com/owncloud/core/issues/29204)
- Added "occ dav:cleanup-chunks" command to clean up expired uploads - [#29180](https://github.com/owncloud/core/issues/29180)
- Added "occ files:scan" repair mode to repair mismatch filecache paths - [#29074](https://github.com/owncloud/core/issues/29074) [#29232](https://github.com/owncloud/core/issues/29232)
- Added occ command to change/recreate master-key - [#29260](https://github.com/owncloud/core/issues/29260) [#29735](https://github.com/owncloud/core/issues/29735)
- Detailed mode for "occ security:routes" - [#29095](https://github.com/owncloud/core/issues/29095)
- Webdav property to retrieve a private link to files or folders - [#29041](https://github.com/owncloud/core/issues/29041)
- CORS support for public API routes - [#28852](https://github.com/owncloud/core/issues/28852) [#29741](https://github.com/owncloud/core/issues/29741) [#29749](https://github.com/owncloud/core/issues/29749)
- More "files_sharing" capabilities entries - [#29040](https://github.com/owncloud/core/issues/29040)
- Display server name in admin page, don't show in status.php - [#28938](https://github.com/owncloud/core/issues/28938)
- Validate public link mail on the client side - [#29042](https://github.com/owncloud/core/issues/29042)
- Expose XHR response in share dialog autocomplete callback for extensions - [#29231](https://github.com/owncloud/core/issues/29231)
- Let apps provide icons for settings sections - [#29358](https://github.com/owncloud/core/issues/29358)
- Added cancellable prehooks for logout operation - [#29352](https://github.com/owncloud/core/issues/29352)
- Markdown support for app descriptions in apps settings panel - [#29333](https://github.com/owncloud/core/issues/29333)
- Add option to allow user to share only with the groups they belong to - [#29391](https://github.com/owncloud/core/issues/29391)
- Cacheable storage adapter for use by Flysystem based external storage backends - [#29414](https://github.com/owncloud/core/issues/29414)
- Add user additional info field for share autocomplete  - [#29457](https://github.com/owncloud/core/issues/29457)
- Add dispatcher event for remote fed shares - [#29482](https://github.com/owncloud/core/issues/29482)
- Adding mode of operations - either single-instance or clus窶ヲ - [#29492](https://github.com/owncloud/core/issues/29492)
- Added support for MariaDB 10.2.7+ - [#29240](https://github.com/owncloud/core/issues/29240)
- Admins can now exclude files from integrity check in config.php - [#29460](https://github.com/owncloud/core/issues/29460)
- Use X-Request-ID header as request id if provided by client, useful for logging - [#29434](https://github.com/owncloud/core/issues/29434)
- Added authentication headers verification to validate the session - [#29525](https://github.com/owncloud/core/issues/29525)
- Added IServiceLoader on server container to load app service classes from XML tags in info.xml - [#29525](https://github.com/owncloud/core/issues/29525)
- Trigger events for federated shares - [#29566](https://github.com/owncloud/core/issues/29566)

### Changed
- Exclude mimetypelist.js from integrity check - [#29048](https://github.com/owncloud/core/issues/29048) [#29316](https://github.com/owncloud/core/issues/29316)
- Refactor set and reset of capabilities - [#29200](https://github.com/owncloud/core/issues/29200)
- All amazon locations support v4 now - v3 deprecated - [#29153](https://github.com/owncloud/core/issues/29153)
- Modified time value of files is now 64 bits long - [#28961](https://github.com/owncloud/core/issues/28961)
- User names must now be at least 3 characters long - [#29237](https://github.com/owncloud/core/issues/29237)
- AccountMapper get by email is now case insensitive - [#29341](https://github.com/owncloud/core/issues/29341)
- Remove deprecated federated share API warning as it needlessly pollutes logs - [#29364](https://github.com/owncloud/core/issues/29364)
- Improve UI for public link sharing permissions for folders - [#29413](https://github.com/owncloud/core/issues/29413)
- Replace notify user for local shares with button - [#29463](https://github.com/owncloud/core/issues/29463)
- Log out current user after submitting form in password reset page - [#29464](https://github.com/owncloud/core/issues/29464)
- Update minimum supported browser versions - [#29507](https://github.com/owncloud/core/issues/29507)
- Admins can now change display name even when its modification is disallowed for regular users - [#29442](https://github.com/owncloud/core/issues/29442)

### Removed
- Remove AvatarPermissions repair step - [#29202](https://github.com/owncloud/core/issues/29202)
- Remove unused FTP code - [#29186](https://github.com/owncloud/core/issues/29186)
- Remove app store related code obsoleted by market app - [#29249](https://github.com/owncloud/core/issues/29249)
- Remove a route to removed script - [#29553](https://github.com/owncloud/core/issues/29553)

### Fixed
- Corrected namespace for OC\Memcache\ArrayCache which caused errors on some environments - [#29219](https://github.com/owncloud/core/issues/29219)
- External storage Javascript code from apps is now loaded correctly (fixes Dropbox app and others) - [#29225](https://github.com/owncloud/core/issues/29225)
- Use product name from theme - [#29251](https://github.com/owncloud/core/issues/29251)
- Make sure the external storage folder name is editable when returning from OAuth authorization - [#29253](https://github.com/owncloud/core/issues/29253)
- Fix duplicate external storage config that appear sometimes when returning from OAuth authorization - [#29254](https://github.com/owncloud/core/issues/29254)
- Log exceptions in decrypt-all command - [#29248](https://github.com/owncloud/core/issues/29248)
- SFTP key pair mode now works again - [#29156](https://github.com/owncloud/core/issues/29156)
- Use correct class namespace for ownCloud ext storage - [#28935](https://github.com/owncloud/core/issues/28935)
- Fix generated zip file to avoid errors with some zip tools - [#29149](https://github.com/owncloud/core/issues/29149)
- Fix position of dialog boxes - [#29133](https://github.com/owncloud/core/issues/29133) [#29467](https://github.com/owncloud/core/issues/29467)
- Move 64bit mtime migration from dav to core - [#29121](https://github.com/owncloud/core/issues/29121)
- Allow 0 byte quota to be entered on UI - [#29113](https://github.com/owncloud/core/issues/29113)
- Don't display warning about limited commands when running maintenance:install - [#28968](https://github.com/owncloud/core/issues/28968)
- Handle no user session in isSharingDisabledForUser() - [#28915](https://github.com/owncloud/core/issues/28915)
- Fix icon format for federated cloud sharing - [#28972](https://github.com/owncloud/core/issues/28972)
- Fix for decrypting user specific keys - [#29189](https://github.com/owncloud/core/issues/29189)
- Remove alternate keys storage during user delete - [#29155](https://github.com/owncloud/core/issues/29155)
- Fix error logs due to deletion of keys - [#28934](https://github.com/owncloud/core/issues/28934)
- Fix encryption panel to properly detect current mode after upgrade to ownCloud 10 - [#29049](https://github.com/owncloud/core/issues/29049)
- Fix quota check when uploading to federated shares - [#29325](https://github.com/owncloud/core/issues/29325) [#29424](https://github.com/owncloud/core/issues/29424)
- Fix issue when mounting another encrypted ownCloud - [#29360](https://github.com/owncloud/core/issues/29360)
- AccountMapper get by email is now case insensitive - [#29341](https://github.com/owncloud/core/issues/29341)
- Fix order of apps to be deterministic during install process - [#29267](https://github.com/owncloud/core/issues/29267)
- Only initiate connection to federated share when necessary - [#29314](https://github.com/owncloud/core/issues/29314)
- Allow group named "0" to be deleted - [#29323](https://github.com/owncloud/core/issues/29323)
- Do not translate CORS header in settings page - [#29313](https://github.com/owncloud/core/issues/29313)
- Disable background scan for home storage/cache - [#29306](https://github.com/owncloud/core/issues/29306)
- Fixed double escaping in full page error messages - [#29304](https://github.com/owncloud/core/issues/29304)
- Updated davclient.js which fixes issue whenever an app extends Array prototype - [#29305](https://github.com/owncloud/core/issues/29305)
- Fix OCS apps API to correctly include attributes into generated XML - [#29303](https://github.com/owncloud/core/issues/29303)
- Make enum type mapping work with migrations - [#29268](https://github.com/owncloud/core/issues/29268)
- Handle invalid storage when getting storage root id - [#29278](https://github.com/owncloud/core/issues/29278)
- Fix storing/retrieval for dav properties of non files - [#29273](https://github.com/owncloud/core/issues/29273)
- Remove double quotes from boolean values in status.php output - [#29271](https://github.com/owncloud/core/issues/29271)
- Tidy code in DAV related classes - [#29272](https://github.com/owncloud/core/issues/29272)
- Fix the missing argument to DecryptAll - [#29371](https://github.com/owncloud/core/issues/29371)
- Skip copying skeleton files if skeleton dir is not accessible - [#29379](https://github.com/owncloud/core/issues/29379)
- Use chunked DB query when preloading directory content for DAV properties - [#29416](https://github.com/owncloud/core/issues/29416)
- Fix failure when checking integrity signature for non-existing files - [#29433](https://github.com/owncloud/core/issues/29433)
- Prevent uploading of part files through WebDav - [#29432](https://github.com/owncloud/core/issues/29432)
- Only trigger "changeUser" event if account object really changed - [#29429](https://github.com/owncloud/core/issues/29429)
- Only load app type once in app manager classes - [#29428](https://github.com/owncloud/core/issues/29428)
- Use efficient startsWith implementation in server container - [#29427](https://github.com/owncloud/core/issues/29427)
- Fix race condition in browser when uploading folder tree - [#29435](https://github.com/owncloud/core/issues/29435)
- Disable nginx buffering for file downloads to avoid huge memory usage in some scenarios - [#29403](https://github.com/owncloud/core/issues/29403)
- Fix many issues related to session removal - [#28879](https://github.com/owncloud/core/issues/28879)
- Fix SMB to better detect when overwriting through rename - [#29564](https://github.com/owncloud/core/issues/29564)
- Fix files scan repair in bulk warning - [#29631](https://github.com/owncloud/core/issues/29631)
- Fix federated share import from public link - [#29677](https://github.com/owncloud/core/issues/29677)
- Fix status.php to properly display product name - [#29728](https://github.com/owncloud/core/issues/29728)
- Sort allowed storages checkbox list - [#29746](https://github.com/owncloud/core/issues/29746)

## [10.0.3] - 2017-09-15
### Added
- It is now possible to upgrade from 8.2.11 directly to 10 - [#28655](https://github.com/owncloud/core/issues/28655) [#28673](https://github.com/owncloud/core/pull/28673)
- Added extra check in case of missing home storage - [#28504](https://github.com/owncloud/core/issues/28504)
- Added Shield and Workflow icons - [#28588](https://github.com/owncloud/core/issues/28588)
- Enable chunking for big files in web UI when logged in - [#28547](https://github.com/owncloud/core/issues/28547)
- Added emitting of hook "post_unshareFromSelf" to Share 2.0 - [#28413](https://github.com/owncloud/core/issues/28413)
- Added occ user:inactive command to list inactive users - [#28294](https://github.com/owncloud/core/issues/28294)
- Added internal setting for the periodic credentials validity check - [#28298](https://github.com/owncloud/core/issues/28298)
- Added jquery events for external storage settings UI when using OAuth - [#28210](https://github.com/owncloud/core/issues/28210)
- Added public IThemeService which allows apps like the template editor to interact with the current theme - [#28647](https://github.com/owncloud/core/issues/28647) [#28926](https://github.com/owncloud/core/issues/28926)
- Added "passwordEnabled" field to hook data of link shares - [#28827](https://github.com/owncloud/core/issues/28827)
- Add new option to disable sharing in every user-mounted external storages - [#28706](https://github.com/owncloud/core/issues/28706)
- Added default user and group share permissions - [#28903](https://github.com/owncloud/core/issues/28903)
- Added occ command to list routes - [#28907](https://github.com/owncloud/core/issues/28907)
- Added mime types for m3u, m3u8, pls mappings to audio streams - [#28885](https://github.com/owncloud/core/issues/28885)

### Changed
- Transfer ownership now works with master key encryption - [#28537](https://github.com/owncloud/core/issues/28537) [#28845](https://github.com/owncloud/core/issues/28845)
- Reenable medial search by default - [#28064](https://github.com/owncloud/core/issues/28064)
- The LoginController now emits "failedLogin" hook signal after a failed login - [#28631](https://github.com/owncloud/core/issues/28631)
- All columns that use the fileid have been changed to bigint (64-bits) - [#28581](https://github.com/owncloud/core/issues/28581)
- Added search pattern for the occ app:list command - [#28653](https://github.com/owncloud/core/issues/28653)
- Allow phpredis develop branch - [#28717](https://github.com/owncloud/core/issues/28717)
- Default minimum desktop version in config.php is now 2.2.4 - [#28540](https://github.com/owncloud/core/issues/28540)
- Reallow negative mtimes by default in storage implementations - [#28697](https://github.com/owncloud/core/issues/28697)

### Deprecated
### Removed
- Removed "themes" folder - [#28617](https://github.com/owncloud/core/issues/28617) [#28999](https://github.com/owncloud/core/issues/28999)
- Removed unused Windows checks - [#28612](https://github.com/owncloud/core/issues/28612)
- Removed "appstoreenabled" from config.php - [#28714](https://github.com/owncloud/core/issues/28714)
- Slash in filename when renaming is not allowed any more in the frontend (unintended "feature") - [#28490](https://github.com/owncloud/core/issues/28490)
- Using old chunking protocol on new DAV endpoint is now disallowed - [#28637](https://github.com/owncloud/core/issues/28637)

### Fixed
#### Platform
- Fix issue with folder sizes on 32-bit systems - [#28654](https://github.com/owncloud/core/issues/28654)
- Fix null error in ActivityManager on some setups - [#28420](https://github.com/owncloud/core/issues/28420)
- Load app code before running app specific migrations - [#28391](https://github.com/owncloud/core/issues/28391)
- Prevent certificate manager to access FS too early, fixes 8.2 to 10 migration issue - [#28668](https://github.com/owncloud/core/pull/28668)
- Clustering: Better support of read only config file and apps folder - [#28594](https://github.com/owncloud/core/issues/28594) [#28601](https://github.com/owncloud/core/issues/28601)
- Only use IndexIgnore in htaccess if mod_autoindex.c is enabled/loaded - [#28591](https://github.com/owncloud/core/issues/28591)
- Fix app enable of not existing app - [#28317](https://github.com/owncloud/core/issues/28317)
- Keep redirect information when logging in with wrong password - [#28511](https://github.com/owncloud/core/issues/28511)
- Use SwiftMailer antiflood plugin to reconnect after multiple emails sent - [#28180](https://github.com/owncloud/core/issues/28180)
- Theme is now properly loaded when displaying full page error messages - [#28622](https://github.com/owncloud/core/pull/28622)
- Adjusted warning for PHP 5.5 EOL - [#28765](https://github.com/owncloud/core/issues/28765)
- Don't enable market app on upgrade from OC < 10 if "appstoreenabled" was false in config.php - [#28757](https://github.com/owncloud/core/issues/28757)
- Use different CSS comment style for IE11 support - [#28752](https://github.com/owncloud/core/issues/28752)
- Adjust default slogan - [#28724](https://github.com/owncloud/core/issues/28724)
- Catch filecache inconsistencies instead of logging warnings - [#28710](https://github.com/owncloud/core/issues/28710)
- Check for null when traversing app passwords table rows - [#28894](https://github.com/owncloud/core/issues/28894)
- Improve market upgrade messages + new switch - [#28871](https://github.com/owncloud/core/issues/28871)
- Make occ upgrade verbose by default - [#28876](https://github.com/owncloud/core/issues/28876)
- Add more information to updatechecker config doc - [#28867](https://github.com/owncloud/core/issues/28867)

#### Database
- All columns that use the fileid have been changed to bigint (64-bits) - [#28581](https://github.com/owncloud/core/issues/28581)
- Fix length of account search term column which broke installs on some DB setups - [#28576](https://github.com/owncloud/core/issues/28576)
- Fix column lengths on migrations table to fix index - [#28254](https://github.com/owncloud/core/issues/28254)
- Fixed some repeated duplicate key errors relate to oc_preferences table - [#28486](https://github.com/owncloud/core/issues/28486)
- Add migration step to fix birthday calendars - [#28338](https://github.com/owncloud/core/issues/28338)
- Added cache for new card uri-id mapping to fix db cluster execution - [#28308](https://github.com/owncloud/core/issues/28308)

#### Performance
- Optimize upload - don't fetch info of non-existing file - [#28704](https://github.com/owncloud/core/issues/28704)
- Optimize upload - don't check if file exists if already known - [#28704](https://github.com/owncloud/core/issues/28704)
- Optimize upload - do not fetch metadata for part file during checksuming - [#28633](https://github.com/owncloud/core/issues/28633)
- Optimize shares retrieval logic with complex scenarios - [#28524](https://github.com/owncloud/core/issues/28524)
- Optimize query logger - [#28220](https://github.com/owncloud/core/issues/28220)
- Remove initial scanning overhead to speed up federated shares with lots of entries - [#28604](https://github.com/owncloud/core/issues/28604)
- Improve contact search performance - [#28042](https://github.com/owncloud/core/issues/28042)
- Improved search performance for federated instance users - [#28209](https://github.com/owncloud/core/issues/28209)
- Add database index on "oc_share.share_with" column - [#28856](https://github.com/owncloud/core/issues/28856)

#### Filesystem / storage
- Don't trigger hooks for every new dav chunk, only for final file - [#28817](https://github.com/owncloud/core/issues/28817)
- Prevent creating file cache inconsistencies when moving a subtree in or out of a share - [#28219](https://github.com/owncloud/core/issues/28219)
- Add check for empty result in storage memcache - [#28548](https://github.com/owncloud/core/issues/28548)
- Fix error message when accessing of non-existing file on external storage - [#28613](https://github.com/owncloud/core/issues/28613)
- Fixed OAuth frontend logic when connecting to external storage - [#28496](https://github.com/owncloud/core/issues/28496) [#28400](https://github.com/owncloud/core/issues/28400)
- Fix quota handling on new Webdav endpoint (affects desktop client 2.2+) - [#28261](https://github.com/owncloud/core/issues/28261)
- Fix mounting Webdav as drive in Windows 10 - [#28243](https://github.com/owncloud/core/issues/28243)
- Fix rare error that happens when mounting invalid shares - [#28342](https://github.com/owncloud/core/issues/28342)
- Handle BSD case for 32 bit filemtime and install warning - [#28790](https://github.com/owncloud/core/issues/28790)
- Properly check target rename path in new dav endpoint - [#28737](https://github.com/owncloud/core/issues/28737)
- Increment required only when encryption is enabled - [#28880](https://github.com/owncloud/core/issues/28880)

#### Files app
- Make sure passed upload mtime is always an int - [#28186](https://github.com/owncloud/core/issues/28186)
- Fix directory mime type in trashbin list - [#28803](https://github.com/owncloud/core/issues/28803)
- Properly highlight files when opening private link - [#28681](https://github.com/owncloud/core/issues/28681)
- Fix overlapping selectively in default fileslist - [#28906](https://github.com/owncloud/core/issues/28906)
- Better timeout detection in web UI uploads + chunked uploads - [#28896](https://github.com/owncloud/core/issues/28896)
- Fix getting drop target when dragging from file manager  - [#28882](https://github.com/owncloud/core/issues/28882)
- Improve file upload progress bar - [#28861](https://github.com/owncloud/core/issues/28861)

#### Sharing
- Creating link shares now doesn't forget "Allow editing" permission any more - [#28065](https://github.com/owncloud/core/issues/28065)
- Fix "notify user" checkbox in share panel - [#28237](https://github.com/owncloud/core/issues/28237)
- Proper message shown when accessing unreachable private links - [#28600](https://github.com/owncloud/core/issues/28600)
- Fix exact search term match for LDAP in share autocomplete - [#28851](https://github.com/owncloud/core/issues/28851)
- Add tooltip to public shares panel - [#28781](https://github.com/owncloud/core/issues/28781)
- Validate share link password even if unchanged when updating share - [#28713](https://github.com/owncloud/core/issues/28713)
- Fix DiscoveryManager error during upgrade by untangling federated share app dependencies - [#28858](https://github.com/owncloud/core/pull/28858)

#### User management
- Don't set email if invalid in user:add command - [#28577](https://github.com/owncloud/core/issues/28577)
- Group admins can now properly edit members' email addresses - [#28366](https://github.com/owncloud/core/issues/28366)
- Fixed "settings_ajax_changegroupname" typo in route name - [#28746](https://github.com/owncloud/core/issues/28746)
- Use IProvidesEMailBackend to fix syncing with LDAP backend - [#28736](https://github.com/owncloud/core/issues/28736)

#### API related
- Make Backbone PROPPATCH work with options.wait mode - [#28791](https://github.com/owncloud/core/issues/28791) [#28837](https://github.com/owncloud/core/issues/28837)
- Detect PROPPATCH failure by parsing multistatus in Backbone Webdav adapter - [#28628](https://github.com/owncloud/core/issues/28628)
- Error messages from the server on upload are now displayed in the web UI instead of generic messages - [#28635](https://github.com/owncloud/core/issues/28635)
- Properly set the status text in OCS API v2 calls - [#28595](https://github.com/owncloud/core/issues/28595)
- Data was not properly set in case of OCS Result object - [#28198](https://github.com/owncloud/core/issues/28198)

#### Other
- Only reload file list when switching navigation sections - [#28843](https://github.com/owncloud/core/issues/28843)
- Make new text file tooltip messages update properly - [#28151](https://github.com/owncloud/core/issues/28151)
- Fix trashbin preview icons - [#28158](https://github.com/owncloud/core/issues/28158)
- Allow user "0" as in comments - [#28422](https://github.com/owncloud/core/issues/28422)
- Better description for occ files:scan command - [#28839](https://github.com/owncloud/core/issues/28839)
- Better description for occ files:cleanup command - [#28841](https://github.com/owncloud/core/issues/28841)
- Reworded upgrade message for admin with big instance - [#28828](https://github.com/owncloud/core/issues/28828)
- Make lost password errors distinguishable - [#28756](https://github.com/owncloud/core/issues/28756)
- Add height to menutoggler - [#28723](https://github.com/owncloud/core/issues/28723)
- Remove apostrophe from full page file read error text - [#28702](https://github.com/owncloud/core/issues/28702)
- Added missing "fatal" log level to occ log:manage level command - [#28683](https://github.com/owncloud/core/issues/28683)

## [10.0.2] - 2017-06-30

- [major] Fix issue with database.xml migration being triggered twice on market app install - [#27982](https://github.com/owncloud/core/issues/27982)
- [major] Apps formerly marked as shipped can now be uninstalled - [#27985](https://github.com/owncloud/core/issues/27985)
- [major] Market now properly updates app version when using multiple apps paths - [#28002](https://github.com/owncloud/core/issues/28002)

## [10.0.1] - 2017-06-23

- [major] Clear cached app info before installing app - [#27953](https://github.com/owncloud/core/issues/27953)
- [major] Fix to allow admin login when using home object store mode - [#27963](https://github.com/owncloud/core/issues/27963)
- [major] Skeleton files correct copied for shibboleth - [#27935](https://github.com/owncloud/core/issues/27935)
- [major] Automatically enable market app when upgrading from OC < 10 - [#27930](https://github.com/owncloud/core/issues/27930)
- [major] Fix issue where market would run app migrations twice in some scenarios - market/#76
- [major] Fetch search terms from user backend (ex: LDAP) for more extended user search ability - [#27906](https://github.com/owncloud/core/issues/27906)
- [major] Added support for upload-only link shares - [#27548](https://github.com/owncloud/core/issues/27548)
- [major] When enabling default encryption module the admin must now explicitly choose encryption type (master key vs user key) - [#27512](https://github.com/owncloud/core/issues/27512)
- [major] Fix missing "publicuri" field when upgrading from 9.1.5 - [#27754](https://github.com/owncloud/core/issues/27754)
- [major] Add options to the user:sync command to handle missing accounts - [#27798](https://github.com/owncloud/core/issues/27798)
- [major] Maintenance mode now properly blocks syncing on new DAV endpoint - [#27821](https://github.com/owncloud/core/issues/27821)
- [major] Copy button for multiple link share now copies the correct link - [#27863](https://github.com/owncloud/core/issues/27863)
- [major] Fix upload issues with IE11 - [#27875](https://github.com/owncloud/core/issues/27875)
- [major] Allow apps to register multiple settings panels - [#27885](https://github.com/owncloud/core/issues/27885)
- [major] Account table doesn't sync from user backends that have no listing support - [#27862](https://github.com/owncloud/core/issues/27862)
- [major] Add events for password validation - [#27883](https://github.com/owncloud/core/issues/27883)
- [major] Add JS event after external storage mount config is loaded, for UI extensions - [#27740](https://github.com/owncloud/core/issues/27740)
- [major] Fix theming of setup page by autoloading default_enable theme apps - [#27819](https://github.com/owncloud/core/issues/27819)
- [major] Allow apps to register custom settings page sections in info.xml - [#27634](https://github.com/owncloud/core/issues/27634)
- [major] Add admin sharing option to restrict autocomplete to membership groups but still allow typing full name if known - [#27869](https://github.com/owncloud/core/issues/27869)
- [minor] Market app update now doesn't overwrite local git checkouts - [#27973](https://github.com/owncloud/core/issues/27973)
- [minor] Delete "appstoreenabled" config value when enabling market - [#27956](https://github.com/owncloud/core/issues/27956)
- [minor] Do not verify email address when entered by an admin on their personal page - [#27921](https://github.com/owncloud/core/issues/27921)
- [minor] Fix default share permission issue in public API [#27927](https://github.com/owncloud/core/issues/27927)
- [minor] Properly rethrow exception when error occurred when enabling an app - [#27970](https://github.com/owncloud/core/issues/27970)
- [minor] Remove own shares from "Shared with you" section - [#27972](https://github.com/owncloud/core/issues/27972)
- [minor] Fix updating to daily from 10.0.0 with web updater - updater/#422
- [minor] Fix updating to 10.0.1 with web updater - [#27965](https://github.com/owncloud/core/issues/27965)
- [minor] Removed unused and non-working auto-login after setup - [#27971](https://github.com/owncloud/core/issues/27971)
- [minor] Fix SMB storage to return false if stat failed - [#27859](https://github.com/owncloud/core/issues/27859)
- [minor] Update swiftmailer - [#27897](https://github.com/owncloud/core/issues/27897)
- [minor] Escape filter in search - [#27900](https://github.com/owncloud/core/issues/27900)
- [minor] Fix file name output in error pages - [#27808](https://github.com/owncloud/core/issues/27808)
- [minor] Support for alternative login buttons through config.php - [#27607](https://github.com/owncloud/core/issues/27607)
- [minor] Example theme app renamed to "theme-example" by convention - [#27632](https://github.com/owncloud/core/issues/27632)
- [minor] Fix missing translation of built-in section names - [#27645](https://github.com/owncloud/core/issues/27645)
- [minor] Add ability to disable password reset form in config - [#27676](https://github.com/owncloud/core/issues/27676)
- [minor] Add support for themed radio buttons - [#27681](https://github.com/owncloud/core/issues/27681)
- [minor] Fix customjs extension handling for external storage apps - [#27683](https://github.com/owncloud/core/issues/27683)
- [minor] Fix upgrade error with mod_fcgid and PHP 7 - [#27553](https://github.com/owncloud/core/issues/27553)
- [minor] Remove sharing subtab when link sharing is disallowed - [#27708](https://github.com/owncloud/core/issues/27708)
- [minor] Add privacy warning in link shares panel - [#27844](https://github.com/owncloud/core/issues/27844)
- [minor] Fix files app name in navigation menu - [#27843](https://github.com/owncloud/core/issues/27843)
- [minor] Fix mimetype table code to ignore folder extensions - [#27668](https://github.com/owncloud/core/issues/27668)
- [minor] Automatically focus the password field in password reset page - [#27889](https://github.com/owncloud/core/issues/27889)
- [minor] Trashbin restore warnings due to missing entries now logged as debug - [#27826](https://github.com/owncloud/core/issues/27826)
- [minor] Remove obsolete repair step RemoveOldShares - [#27737](https://github.com/owncloud/core/issues/27737)
- [minor] "local link" was renamed to "private link" - [#27594](https://github.com/owncloud/core/issues/27594)
- [minor] Fix column sorting in public file list page - [#27308](https://github.com/owncloud/core/issues/27308)

## 10.0.0 - 2017-04-26

### Added
#### General

- Allows users to add the app to the Android homescreen: [#25438](https://github.com/owncloud/core/pull/25438)
- Compatible with PHP 7.1: [#25436](https://github.com/owncloud/core/pull/25346)
- MySQL 4-byte UTF8 support: (utf8mb4 for e.g. Emoticons) [#17978](https://github.com/owncloud/core/pull/17978)
- Admin, personal pages and app management are now merged together into a single "Settings" entry: [#26449](https://github.com/owncloud/core/pull/26449)
- Admin page displays the output of the server's status.php: [#27238](https://github.com/owncloud/core/pull/27238)
- Also allow using email address for password recovery: [#27168](https://github.com/owncloud/core/pull/27168)
- Ability to disable password reset: [#27440](https://github.com/owncloud/core/issues/27440)
- Support Redis Cluster: [#26407](https://github.com/owncloud/core/pull/26407)
- ownCloud log entry reorder: [#27562](https://github.com/owncloud/core/pull/27562)
- ownCloud log file rules to split into separate files: [#27443](https://github.com/owncloud/core/pull/27443)
- occ scanner optimized memory usage for large scans by using autocommits: [owncloud/core/27527](https://github.com/owncloud/core/pull/27527)
- Third party apps are not disabled anymore when upgrading

#### Filesystem

- Ability to exclude folders from being processed, like snapshot folders: [#19235](https://github.com/owncloud/core/pull/19235)
- Checksum is computed on the fly and verified (File integrity checking): [#26655](https://github.com/owncloud/core/issues/26655) / [Technical Documentation](https://github.com/owncloud/documentation/issues/2964)

#### Files App

- Share Link can be copied to the clipboard [#25418](https://github.com/owncloud/core/pull/25418)
- Display version sizes in versions panel [#26511](https://github.com/owncloud/core/pull/26511)
- Transfer ownership now works for individual folders [#27343](https://github.com/owncloud/core/pull/27343)
- Favorite star indicator now visible in the file lists related to sharing (ex: "Shared with you") [#19753](https://github.com/owncloud/core/issues/19753)

#### User management

- Ability to disable users in the users page (enable column first under cog icon) [#27333](https://github.com/owncloud/core/pull/27333)
- When changing personal email, an email confirmation is now sent [#7326](https://github.com/owncloud/core/issues/7326)
- When password is changed through any means, the user will now receive an email [#27498](https://github.com/owncloud/core/pull/27498)
- Change user preferences through OCC [#24770](https://github.com/owncloud/core/issues/24770)

#### External storage

- "Local" storage type can now be disabled by sysadmin in config.php [#26653](https://github.com/owncloud/core/issues/26653)
- External storage backends must use [core external storage API](https://doc.owncloud.org/server/10.0/developer_manual/app/extstorage.html) to work without "files_external" [#18160](https://github.com/owncloud/core/issues/18160)
- FTP external storage moved to a separate app [files_external_ftp](https://github.com/owncloud/files_external_ftp)

#### Dav App

- CalDAV calendar public sharing [#25351](https://github.com/owncloud/core/pull/25351)

#### Sharing

- Support for multiple link shares: [#27337](https://github.com/owncloud/core/pull/27337)
- When a recipient moves a file or folder out of a received share, the owner now receives a backup in their trashbin: [#27042](https://github.com/owncloud/core/pull/27042)
- User avatars now visible in sharing autocomplete dropdown: [#25976](https://github.com/owncloud/core/pull/25976)

#### For developers

- Users from all user backends are now stored in a central account table, improves performance by reducing recurring backend traffic: [#23558](https://github.com/owncloud/core/issues/23558)
- Added event whenever a user is enabled or disabled: [#23970](https://github.com/owncloud/core/issues/23970)
- Added first login event: [#26206](https://github.com/owncloud/core/pull/26206)
- Added postLogout hook: [#27048](https://github.com/owncloud/core/pull/27048)
- New column in oc_jobs table to store last duration: [#27144](https://github.com/owncloud/core/pull/27144)
- Ability to specify offset and limit when doing a REPORT query on a files endpoint: [#26507](https://github.com/owncloud/core/pull/26507)
- Avatar API via WebDAV https://github.com/owncloud/core/pull/26872
- Improve return value support for two factor auth providers API - [#26593](https://github.com/owncloud/core/issues/26593)
- Apps can now register Sabre plugins in info.xml: [#26195](https://github.com/owncloud/core/issues/26195)
- REPORT method for files endpoint now allows searching for favorites: [#26099](https://github.com/owncloud/core/pull/26099)
- Group backends can now return group display names (partial support, only used by sharing autocomplete): [#26750](https://github.com/owncloud/core/pull/26750)

### Changed

- status.php now returns whether an instance requires a DB update: [#26209](https://github.com/owncloud/core/pull/26209)
- config option to hide server version in status.php [#27473](https://github.com/owncloud/core/pull/27473)
- provisioning API now also returns the user's home path: [#26850](https://github.com/owncloud/core/issues/26850)
- web updater shows link to changelog in admin page: [#26796](https://github.com/owncloud/core/issues/26796)

[Unreleased]: https://github.com/owncloud/core/compare/v10.0.10...stable10
[10.0.10]: https://github.com/owncloud/core/compare/v10.0.9...v10.0.10
[10.0.9]: https://github.com/owncloud/core/compare/v10.0.8...v10.0.9
[10.0.8]: https://github.com/owncloud/core/compare/v10.0.7...v10.0.8
[10.0.7]: https://github.com/owncloud/core/compare/v10.0.6...v10.0.7
[10.0.6]: https://github.com/owncloud/core/compare/v10.0.5...v10.0.6
[10.0.5]: https://github.com/owncloud/core/compare/v10.0.4...v10.0.5
[10.0.4]: https://github.com/owncloud/core/compare/v10.0.3...v10.0.4
[10.0.3]: https://github.com/owncloud/core/compare/v10.0.2...v10.0.3
[10.0.2]: https://github.com/owncloud/core/compare/v10.0.1...v10.0.2
[10.0.1]: https://github.com/owncloud/core/compare/v10.0.0...v10.0.1
2019-03-20 07:16:06 +00:00
gutteridge
6c96675874 firefox: bump minimum Rust version required to 1.31.0
No PKGREVISION, build fix for those with older versions of Rust
installed. (I was hanging on with 1.30.1 until now.)
2019-03-20 00:30:07 +00:00
ryoon
1a634fb3b4 Update to 66.0
* Sync with www/firefox-66.0
2019-03-19 16:27:12 +00:00
ryoon
abf7893c8c Update to 66.0
Changelog:
New
    Firefox now prevents websites from automatically playing sound. You can add individual sites to an exceptions list or turn blocking off. To learn more about block autoplay, which will be rolled out gradually to all users, visit the Mozilla blog.

    Improved search experience:
        Find a specific webpage faster when you have a lot of tabs open: You can now search within all of your open tabs from the tab overflow menu
        Easier search via a redesigned new tab in Private Windows

    Smoother scrolling: Scroll anchoring keeps content from jumping as images and ads load at the top of the page

    Improved performance and better user experience for extensions:
        Extensions now store their settings in a Firefox database, rather than individual JSON files, making every site you visit faster
        A redesigned keyboard shortcuts section in about:addons makes it easier to view and adjust default shortcuts

    Redesigned certificate error pages help you better understand and resolve issues, including identification of certificate issuers for anti-virus software

    Added basic support for macOS Touch Bar

    Experimenting with an improved Pocket experience in New Tab with different layouts and more topical content

    Improved performance and reduced crash rates by [doubling web content loading processes from 4 to 8 [1]

    Easier, passwordless security: Added support for Windows Hello on Windows 10, allowing you to use your face, fingerprint, or external security keys for website authentication

Fixed
    The Dark and Light Firefox themes now override the system setting for title bar accent color on Windows 10

    Linux users: Resolved an issue that caused Firefox to freeze when downloading files

    Various security fixes

Changed

    System title bar is hidden by default to match Gnome guideline for Linux users

Developer

    DevTools Inspector is now fully usable when the Debugger is paused

    Lowered priority of setTimeout and setInterval during page load to improve overall page load performance

    Fixed: <button> element is no longer special cased in event dispatch, per latest specifications

Security fixes:
Not available yet.
2019-03-19 16:11:27 +00:00
jaapb
5b3142150d Added ocaml-uri to Makefile SUBDIRs 2019-03-19 14:27:18 +00:00
jaapb
476a6c15c0 Added www/ocaml-uri, a URI/URL parsing library for OCaml. 2019-03-19 14:26:38 +00:00
adam
13208bd94d py-django-countries: updated to 5.3.3
5.3.3:
- Add test coverage for Django Rest Framework 3.9.
2019-03-18 12:39:19 +00:00
adam
16ab05cbaf py-django-cors-headers: updated to 2.5.2
2.5.2:
* Improve inclusion of tests in sdist to ignore .pyc files.

2.5.1:
* Include test infrastructure in sdist to allow consumers to use it.
2019-03-18 12:37:51 +00:00
jklos
382c50036d Update Wordpress to 5.1.1 due to security issue outlined here:
https://wordpress.org/news/2019/03/wordpress-5-1-1-security-and-maintenance-release/
2019-03-16 17:55:04 +00:00
taca
810363274b www/ruby-compass: update dependencies
* Update dependency to devel/ruby-rb-inotify.
* Enable dependency to devel/ruby-rb-fsevent.
2019-03-16 14:17:20 +00:00
taca
36b13a4bfa www/ruby-sass-listen: update dependency to ruby-rb-inotify
Update dependency to ruby-rb-inotify.
2019-03-16 14:14:48 +00:00
wen
ae96e884fe Update to 8.6.12
Upstream changes:
8.6.12
The third-party Twig library, which powers Drupal 8's theme system, recently released new versions (Twig 1.38.0 and 1.38.1) that introduced a fatal error for Drupal 8 sites using Composer. Drupal 8.6.11 was released yesterday with an update to Twig 1.38.2 in order to resolve that error. However, this update also led to a different regression for certain Drupal 8 themes that use Twig {% embed %} tags. This release hotfixes Drupal 8 to resolve that regression. No other changes are included.

8.6.11
This release resolves two critical issues affecting Drupal 8 site updates:

    The third-party Twig library, which powers Drupal 8's theme system, recently released a new minor version (1.38.0) that introduced a fatal error when used with Drupal 8. As a result, Drupal 8 sites managed with Composer encountered this fatal error when updating Twig to version 1.38.0 or 1.38.1. This release updates Drupal to require Twig 1.38.2, which resolves the fatal error.

    The recent releases for SA-CORE-2019-003 introduced a serialized data integrity issue affecting some contributed and custom modules, including the Default Content and Paragraphs modules. This release resolves the issue for affected sites.

Additionally, this release resolves an administrator-only access bypass with the Layout Builder module. Previously, users who didn't have access to view individual entities were still granted access to configure the layout for that entity (if per-entity layout configuration was enabled) and therefore could view its content. This implicit access has been removed. Site owners should ensure that all content editor roles have access to view the content for which they are configuring the layout.
2019-03-16 13:15:03 +00:00
bsiegert
df61d022ce Revbump all Go packages after Go 1.12.1 update. 2019-03-16 08:35:37 +00:00
hauke
3d9f392295 Upgrade GLPI to 9.4.1.1
The full changelog is available at:
<https://github.com/glpi-project/glpi/milestone/30?closed=1>
<https://github.com/glpi-project/glpi/milestone/33?closed=1>

De-support apache 2.2 config in httpd-glpi.conf sample
Re-work the way we hook in pkgsrc specific etc and var paths
2019-03-15 16:32:13 +00:00
ryoon
94589856b8 Fix build with webrtc option, bump PKGREVISION
* webrtc option requires the internal libvpx.
* And remove widevinecdm option. It is not useful.
2019-03-15 12:52:42 +00:00
wiz
3ab57d3b33 firefox60: fix patch 2019-03-15 09:59:26 +00:00
wiz
49a81fa07a firefox60: sort LDFLAGS, add whitespace (to reduce diffs to tor-browser) 2019-03-15 09:59:19 +00:00
leot
745c1d8453 webkit-gtk: Update to 2.24.0
pkgsrc changes:
 - Remove patch-Source_JavaScriptCore_assembler_MacroAssemblerARM.cpp: logic
   changed upstream and there is no longer a function that check for a VFP.

Changes:
2.24.0
------
 - Added support fot content filtering.
 - Variation fonts support.
 - Fully emoji rendering support.
 - Added navigation and pinch zoom gestures for touchpads.
 - Support for JPEG2000 images (please note that in pkgsrc at the
   moment it is disabled to avoid a dependency on openjpeg)
 - Script dialogs are now modal to the current web view only.
 - New API to convert URI to format for display.
2019-03-13 20:49:40 +00:00
adam
27fd01bce1 py-autobahn: updated to 19.2.1
19.2.1
fix: set announced roles on appsession object
new: lower log noise on ApplicationErrors
new: allow explicit passing of tx endpoint and reactor
new: add attribute to forward applicationrunner to applicationsession via componentconfig
2019-03-13 19:21:07 +00:00
adam
fad1ff85d6 nghttp2: updated to 1.37.0
v1.37.0:
build
CMake build explicitly sets install location when building shared library.

nghttpx
This release fixes possible backend stall when header and request body are sent in their own packets.
The backend option gets weight parameter to influence backend selection.
This release fixes compile error with BoringSSL.
2019-03-13 17:45:08 +00:00
wen
44e3bd9e6f Update to 3.6.3
Upstream changes:
Moodle 3.6.3 release notes

Releases > Moodle 3.6.3 release notes

Release date: 11 March 2019

Here is the full list of fixed issues in 3.6.3.
Fixes and improvements

    MDL-63892 - Last post date and time shown correctly on forum page
    MDL-64609 - Gradebook regrading no longer gets stuck
    MDL-43428 - Quiz now displays the correct time left when quiz close date before time limit
    MDL-62345 - Site home and Dashboard now have different data-key attributes when the home page is set to site
    MDL-61405 - All assignment 'View annotated PDF' buttons work
    MDL-64632 - Invalid response value detected messaging error fix
    MDL-63103 - Server files performance improvement for sites with lots of activities and files
    MDL-64528 - Activities can no longer be marked as complete when the context is frozen
    MDL-63677 - Users no longer redirected back to a policy agreement when creating a new account
    MDL-55135 - View competency framework no longer required for viewing competencies in a course
    MDL-62454 - Numerical question units are displayed on the same line
    MDL-64553 - Notifications table has index for the useridfrom column
    MDL-64521 - Participants page performance improvement for courses with ~50k users and 10 groups
    MDL-48338 - A single simple discussion forum now scrolls to new posts
    MDL-60972 - Deleting course sections now also delete files used in the section description
    MDL-64652 - Data export performance improvement
    MDL-63674 - RTL languages correctly aligned in messaging interface
    MDL-64171 - Course image scaled down when no course summary
    MDL-64240 - Forum post word count correctly reflects the size of posts
    MDL-62680 - Accessibility improvement for quiz question feedback
    MDL-64679 - Option to clear prediction for analytics trained models
    MDL-62963 - Clearer button background in Boost
    MDL-64640 - Deleting of feedback question and deleting of user tour step no longer give a 404 error
    MDL-64856 - Glossary 'Actions menu' icon no longer disappears when browsing
    MDL-64730 - External tool 0 points score now correctly recorded as zero in the gradebook
    MDL-64464 - Drag and drop question types now allow use of mixed languages
    MDL-62143 - Boost navigation bar accessibility improvements
    MDL-64561 - Install database CLI script now shows help even if Moodle is already installed
    MDL-64134 - Messaging search simpler UI when search returns no results
    MDL-64385 - 'Allowed email domains' setting is now case insensitive
    MDL-63628 - Download assignment submission files via keyboard accessibility fix
    MDL-64469 - Question bank category edit link usability improvement
    MDL-63378 - Boost theme menu links contrast accessibility fix
    MDL-64143 - Messaging contacts are now shown in bold
    MDL-64144 - Messaging search results now shown with date rather than time stamp
    MDL-64971 - get_with_capability_join, get_users_by_capability, assign/unassign_capability now check the capability exists
2019-03-11 07:52:06 +00:00
adam
1180e5069b py-django-contrib-comments: updated to 1.9.1
1.9.1:
* WARNING: This is most probably the last version supporting Python 2.
* Added testing for Python 3.7.
* Confirmed support for Django 2.2 (no code changes required).
* Updated translations.
2019-03-10 15:28:24 +00:00
adam
7ba99fbd47 py-django-cors-headers: updated to 2.5.0
2.5.0:
* Drop Django 1.8, 1.9, and 1.10 support. Only Django 1.11+ is supported now.
2019-03-10 15:27:07 +00:00
adam
0b78185175 py-paste: updated to 3.0.8
3.0.8:
* Fix quoting of bytestrings
2019-03-10 13:54:40 +00:00
tsutsui
2a28a2c4e8 ruby-gnome2: update to 3.3.5.
Upstream changes:

== Ruby-GNOME2 3.3.5: 2019-03-10

This is a follow-up release of 3.3.4.

=== Changes

==== Ruby/GObjectIntrospection

  * Improvements

    * Ignored no (({GType})) interface.
2019-03-10 01:12:00 +00:00
tsutsui
1c7ef74ff1 ruby-gnome2: update to 3.3.4.
Upstream changes:

== Ruby-GNOME2 3.3.4: 2019-03-09

This is a real release to support GLib 2.60.

=== Changes

==== Ruby/GObjectIntrospection

  * Improvements

    * Ignored no (({GType})) interface.

== Ruby-GNOME2 3.3.3: 2019-03-09

This is a release to support GLib 2.60.

=== Changes

==== Ruby/GLib2

  * Improvements

    * Made tests more robust.
      [GitHub#1272][Reported by Jeremy Bicha]

    * Required pkg-config 1.3.5 or later.

    * Added support for GLib 2.60.

    * Windows: Removed support for static compilation.

  * Fixes

    * (({GLib::PollFD#fd=})): Fixed wrong conversion.

==== Ruby/GObjectIntrospection

  * Improvements

    * Improved auto (({#==}))/(({#!=})) implementations.
      They returns (({true}))/(({false})) for invalid argument instead
      of raising an error.

==== Ruby/GTK2

  * Improvements

    * Made tests more robust.
      [GitHub#1275][Reported by Jeremy Bicha]

==== Ruby/RSVG2

  * Improvements

    * Made tests more robust.
      [GitHub#1273][Reported by Mamoru TASAKA]

==== Ruby/Poppler

  * Improvements

    * (({Poppler::Document.new(data:)})):
      Added support for (({Encoding.default_internal})).

    * (({Poppler::Document.new})):
      Added support for (({#to_path})) objects as path.

=== Thanks

  * Jeremy Bicha

  * Mamoru TASAKA
2019-03-09 14:08:43 +00:00
bsiegert
7455fa5a88 all: revbump Go packages, now that they use go112 to build 2019-03-09 10:05:01 +00:00
joerg
8bf8b69e7c Add uwsgi-sse_offload option for integrating the redis pubsub to Server
Sent Event bridge patch. Defaults to off.
2019-03-06 13:07:58 +00:00
taca
eef56af35a www/ruby-jquery-rails: fix DEPENDS format
Fix DEPENDS format which was missing minimum version spec.
2019-03-05 22:35:31 +00:00
taca
2c3ca64017 www/ruby-padrino-gen: switch to depends on ruby-bundler1
Change denepdency to ruby-bundler1 from ruby-bunder.

Bump PKGREVISION.
2019-03-05 07:52:19 +00:00
taca
65c39e0e27 www/ruby-rails51: switch to depends on ruby-bundler1
Change denepdency to ruby-bundler1 from ruby-bunder.

Bump PKGREVISION.
2019-03-05 07:50:42 +00:00
taca
0027259ebb www/ruby-rails42: switch to depends on ruby-bundler1
Change denepdency to ruby-bundler1 from ruby-bunder.

Bump PKGREVISION.
2019-03-05 07:49:36 +00:00
rin
bc96ecc67d Add a patch accidentally missing in my previous commit:
- NetBSD/aarch64 doesn't have <sys/auxv.h>.

Fix build for NetBSD/aarch64.
2019-03-05 01:24:20 +00:00
gdt
59d0f46e13 www/gnurl: updated to 7.64.0 (from ng0@ in wip)
* upstream (curl) ChangeLog:

This release includes the following changes:
* cookies: leave secure cookies alone
* hostip: support wildcard hosts
* http: Implement trailing headers for chunked transfers
* http: added options for allowing HTTP/0.9 responses
* timeval: Use high resolution timestamps on Windows

This release includes the following bugfixes:
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
* CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
* CVE-2019-3823: SMTP end-of-response out-of-bounds read
* FAQ: remove mention of sourceforge for github
* OS400: handle memory error in list conversion
* OS400: upgrade ILE/RPG binding.
* README: add codacy code quality badge
* Revert http_negotiate: do not close connection
* THANKS: added several missing names from year <= 2000
* build: make 'tidy' target work for metalink builds
* cmake: added checks for variadic macros
* cmake: updated check for HAVE_POLL_FINE to match autotools
* cmake: use lowercase for function name like the rest of the code
* configure: detect xlclang separately from clang
* configure: fix recv/send/select detection on Android
* configure: rewrite --enable-code-coverage
* conncache_unlock: avoid indirection by changing input argument type
* cookie: fix comment typo
* cookies: allow secure override when done over HTTPS
* cookies: extend domain checks to non psl builds
* cookies: skip custom cookies when redirecting cross-site
* curl --xattr: strip credentials from any URL that is stored
* curl -J: refuse to append to the destination file
* curl/urlapi.h: include "curl.h" first
* curl_multi_remove_handle() don't block terminating c-ares requests
* darwinssl: accept setting max-tls with default min-tls
* disconnect: separate connections and easy handles better
* disconnect: set conn->data for protocol disconnect
* docs/version.d: mention MultiSSL
* docs: fix the --tls-max description
* docs: use $(INSTALL_DATA) to install man page
* docs: use meaningless port number in CURLOPT_LOCALPORT example
* gopher: always include the entire gopher-path in request
* http2: clear pause stream id if it gets closed
* if2ip: remove unused function Curl_if_is_interface_name
* libssh: do not let libssh create socket
* libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
* libssh: free sftp_canonicalize_path() data correctly
* libtest/stub_gssapi: use "real" snprintf
* mbedtls: use VERIFYHOST
* multi: multiplexing improvements
* multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
* ntlm: fix NTMLv2 compliance
* ntlm_sspi: add support for channel binding
* openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
* openssl: fix the SSL_get_tlsext_status_ocsp_resp call
* openvms: fix OpenSSL discovery on VAX
* openvms: fix typos in documentation
* os400: add a missing closing bracket
* os400: fix extra parameter syntax error
* pingpong: change default response timeout to 120 seconds
* pingpong: ignore regular timeout in disconnect phase
* printf: fix format specifiers
* runtests.pl: Fix perl call to include srcdir
* schannel: fix compiler warning
* schannel: preserve original certificate path parameter
* schannel: stop calling it "winssl"
* sigpipe: if mbedTLS is used, ignore SIGPIPE
* smb: fix incorrect path in request if connection reused
* ssh: log the libssh2 error message when ssh session startup fails
* test1558: verify CURLINFO_PROTOCOL on file:// transfer
* test1561: improve test name
* test1653: make it survive torture tests
* tests: allow tests to pass by 2037-02-12
* tests: move objnames-* from lib into tests
* timediff: fix math for unsigned time_t
* timeval: Disable MSVC Analyzer GetTickCount warning
* tool_cb_prg: avoid integer overflow
* travis: added cmake build for osx
* urlapi: Fix port parsing of eol colon
* urlapi: distinguish possibly empty query
* urlapi: fix parsing ipv6 with zone index
* urldata: rename easy_conn to just conn
* winbuild: conditionally use /DZLIB_WINAPI
* wolfssl: fix memory-leak in threaded use
* spnego_sspi: add support for channel binding
2019-03-05 00:40:37 +00:00
ryoon
2f26f53fdf Fix build with lang/rust-1.33.0. Bump PKGREVISION 2019-03-04 15:53:06 +00:00
adam
dd2004ec21 py-genshi: updated to 0.7.1
0.7.1:
Add support for Python 3.5, 3.6 and 3.7.
Move to GitHub and Travis CI.
Add support for iterator arguments to _speedups Markup.join implementation so that it matches
the Python implementation.
Add HTML5 input placeholder attribute to list of translatable attributes.
Add missing boolean attributes to XHTML and HTML serializers.
Fix infinite recursion in template inlining.
Support slash escaped of CRLF newlines.
Disable the speedups C extension on CPython >= 3.3 since Genshi doesn't support the new Unicode
C API yet.
Fix handling of case where a translation has text after a closing tag.
Fix assert with side-effect in xi:fallback directive processing
2019-03-04 12:04:22 +00:00
adam
8288ea6785 py-djangorestframework: updated to 3.9.2
3.9.2:
Routers: invalidate _urls cache on register()
Deferred schema renderer creation to avoid requiring pyyaml.
Added 'request_forms' block to base.html
Fixed SchemaView to reset renderer on exception.
Update Django Guardian dependency.
Ensured support for Django 2.2.
Made templates compatible with session-based CSRF.
Adjusted field validators to accept non-list iterables.
Added SearchFilter.get_search_fields() hook.
Fix DeprecationWarning when accessing collections.abc classes via collections
Allowed Q objects in limit_choices_to introspection.
Added lazy evaluation to composed permissions.
Add negation ~ operator to permissions composition
Avoided calling distinct on annotated fields in SearchFilter.
Introduced RemovedInDRF…Warning classes to simplify deprecations.
2019-03-04 08:29:25 +00:00
taca
3cf4191d0a www/ruby-sinatra-contrib: drop dependency to activesupport
Drop dependency to ruby-activesupport.

Bump PKGREVISION.
2019-03-03 17:36:06 +00:00
taca
b031bd81cc www/ruby-rack15: remove pacakge
There is no pacakge to use this specific version of rack package.
2019-03-03 16:53:02 +00:00
taca
b8e42fb92d www/Makefile: remove ruby-rack15 2019-03-03 16:52:35 +00:00
taca
8458d11e83 www/ruby-rack-test: fix dependency
Fix dependency to ruby-rack.
2019-03-03 16:48:19 +00:00
taca
d7d1a5a08b www/ruby-rack-test: update to 1.1.0
Update ruby-rack-test to 1.1.0.

## 1.1.0 / 2018-07-21

* Breaking changes:
  * None

* Minor enhancements / new functionality:
  * [GitHub] Added configuration for Stale (Per Lundberg #232)
  * follow_direct: Include rack.session.options (Mark Edmondson #233)
  * [CI] Add simplecov (fatkodima #227)

Bug fixes:
  * Follow relative locations correctly. (Samuel Williams #230)

## 1.0.0 / 2018-03-27

* Breaking changes:
  * Always set CONTENT_TYPE for non-GET requests
    (Per Lundberg #223)

* Minor enhancements / bug fixes:
  * Create tempfile using the basename without extension
    (Edouard Chin #201)
  * Save `session` during `follow_redirect!`
    (Alexander Popov #218)
  * Document how to use URL params with DELETE method
    (Timur Platonov #220)

## 0.8.3 / 2018-02-27

* Bug fixes:
  * Do not set Content-Type if params are explicitly set to nil
    (Bartek Bu©Èat #212). Fixes #200.
  * Fix `UploadedFile#new` regression
    (Per Lundberg #215)

* Minor enhancements
  * [CI] Test against Ruby 2.5 (Nicolas Leger #217)

## 0.8.2 / 2017-11-21

* Bug fixes:
  * Bugfix for `UploadedFile.new` unintended API breakage.
    (Per Lundberg #210)

## 0.8.0 / 2017-11-20

* Known Issue
  * In `UploadedFile.new`, when passing e.g. a `Pathname` object,
    errors can be raised (eg. `ArgumentError: Missing original_filename
    for IO`, or `NoMethodError: undefined method 'size'`) See #207, #209.
* Minor enhancements
  * Add a required_ruby_version of >= 2.2.2, similar to rack 2.0.1.
    (Samuel Giddins #194)
  * Remove new line from basic auth. (Felix Kleinschmidt #185)
  * Rubocop fixes (Per Lundberg #196)
  * Add how to install rack-test from github to README. (Jun Aruga #189)
  * Update CodeClimate badges (Toshimaru #195)
  * Add the ability to create Test::UploadedFile instances without
    the file system (Adam Milligan #149)
  * Add custom_request, remove duplication (Johannes Barre #184)
  * README.md: Added note about how to post JSON (Per Lundberg #198)
  * README.md: Added version badge (Per Lundberg #199)
* Bug fixes
  * Bugfix for Cookies with multiple paths (Kyle Welsby #197)
2019-03-03 16:45:21 +00:00
taca
cf7dc82a41 www/ruby-jquery-rails: update to 4.3.3
## 4.3.3

- update jquery to 3.3.1

## 4.3.2

- update jquery to 3.3.0
- Add possibility to test HTML: all, attribute prefix, attribute contains,
  attribute ends with, child, and class selectors
- Fix matching mutiple calls for the same selector/function exception

## 4.3.1

- update jquery to 3.2.1

## 4.3.0

- update jquery to 3.2.0
- Add possibility to test HTML attribute selectors

## 4.2.2

- update jquery to 3.1.1

## 4.2.1

- update jquery to 3.1.0

## 4.2.0

- Support jQuery 3.x
- Update jquery-ujs to 1.2.2
- Update jQuery to 1.12.4 and 2.2.4

## 4.1.1

- Update jQuery to 1.12.1 and 2.2.1
- Update jquery-ujs to 1.2.1

## 4.1.0

- Update jQuery to 1.12.0 and 2.2.0
- Update jquery-ujs to 1.2.0

## 4.0.5

- Specify that Ruby version 1.9.3+ is required
- Test on Ruby 2.2
- Update jquery-ujs from 1.0.4 to 1.1.0

## 4.0.4

  - Fix CSP bypass vulnerability. CVE-2015-1840

## 4.0.1

  - Fix RubyGems permission problem.

## 4.0.0

  - Minimum dependency set to Rails 4.2
  - Updated to jquery-ujs 1.0.2
  - Support jQuery 1.x and 2.x
2019-03-03 16:35:33 +00:00
taca
349866d532 www/ruby-journey: remove package
Remove ruby-journey which was required by ruby-actionpack32.
2019-03-03 16:27:21 +00:00
taca
267ae52cd1 www/Makefile: remove ruby-journey 2019-03-03 16:26:40 +00:00
taca
c542044795 www/ruby-activeresource32: remove package
Remove ruby-activeresource32, a part of Ruby on Rails 3.2 packages which is
already EOL.
2019-03-03 16:00:25 +00:00
taca
9cc310e467 www/ruby-actionpack32:: remove package
Remove ruby-actionpack32, a part of Ruby on Rails 3.2 packages which is
already EOL.
2019-03-03 15:59:57 +00:00
taca
69058520c6 www/Makefile: remove ruby-actionpack32 and ruby-activeresource32 2019-03-03 15:59:23 +00:00
taca
b13c0e2a70 www/ruby-rails32: remove package
Start remove of Ruby on Rails 3.2 packages which is already EOL.
2019-03-03 15:53:01 +00:00
taca
dc0c1ffd36 www/ruby-sass-rails32: remove package
Remove ruby-sass-rails32 package which supported by Ruby on Rails 3.2.
2019-03-03 15:50:47 +00:00
taca
b9b3a5683b www/Makefile: remove ruby-rails32 and ruby-sass-rails32. 2019-03-03 15:50:16 +00:00
taca
3beb0d752c www/ruby-coffee-rails32: remove package
Remove ruby-coffee-rails32 package which supported by Ruby on Rails 3.2.
2019-03-03 15:48:13 +00:00
taca
a0ca365ee1 www/Makefile: replace ruby-coffee-rails32 with ruby-coffee-rails 2019-03-03 15:46:09 +00:00
taca
33d3b9e00e www/ruby-coffee-rails: add package version 4.2.2
Add ruby-coffee-rails package version 4.2.2 which supported by Ruby on
Rails 4.2 and later.

CoffeeScript adapter for the Rails asset pipeline.  Also adds support to use
CoffeeScript to respond to JavaScript requests (use `.coffee` views).
2019-03-03 15:45:40 +00:00
taca
0f247ea12c www/Makefile: add ruby-rails52 2019-03-03 15:03:51 +00:00
taca
07673f6bc8 www/ruby-rails52: add version 5.2.2 package
Add ruby-rails52 version 5.2.2 package.

Ruby on Rails is a full-stack web framework optimized for programmer
happiness and sustainable productivity.  It encourages beautiful code
by favoring convention over configuration.

This is for Ruby on Rails 5.2.
2019-03-03 15:03:16 +00:00
taca
f1e64f9894 www/Makefile: add ruby-{actioncable,actionpack,actionview}52 2019-03-03 14:53:54 +00:00
taca
9533ff820b www/ruby-actioncable52: add version 5.2.2 package
Add ruby-actioncable52 version 5.2.2 package.

# Action Cable – Integrated WebSockets for Rails

Action Cable seamlessly integrates WebSockets with the rest of your Rails
application.  It allows for real-time features to be written in Ruby in the
same style and form as the rest of your Rails application, while still being
performant and scalable.  It's a full-stack offering that provides both a
client-side JavaScript framework and a server-side Ruby framework.  You have
access to your full domain model written with Active Record or your ORM of
choice.

This is for Ruby on Rails 5.2.
2019-03-03 14:53:04 +00:00
taca
4896d9a515 www/ruby-actionpack52: add version 5.2.2 package
Add ruby-actionpack52 version 5.2.2 package.

Action Pack is a framework for handling and responding to web requests. It
provides mechanisms for *routing* (mapping request URLs to actions), defining
*controllers* that implement actions, and generating responses by rendering
*views*, which are templates of various formats. In short, Action Pack
provides the view and controller layers in the MVC paradigm.

This is for Ruby on Rails 5.2.
2019-03-03 14:51:57 +00:00
taca
d94b1faa0e www/ruby-actionview52: add version 5.2.2 package
Add ruby-actionview52 version 5.2.2 package.

Action View provides simple, battle-tested conventions and helpers for
building web pages.

This is for Ruby on Rails 5.2.
2019-03-03 14:50:27 +00:00
taca
99d539cb8e www/ruby-actionpack42: depends on ruby-rack-test06
Change dependency from ruby-rack-test to ruby-rack-test06.

Bump PKGREVISION.
2019-03-03 14:38:52 +00:00
taca
b331c268fb www/ruby-actionpack32: depends on ruby-rack-test06
Change dependency from ruby-rack-test to ruby-rack-test06.
2019-03-03 14:38:12 +00:00
taca
9c124711af www/Makefile: add and enable ruby-rack-test06 2019-03-03 14:35:53 +00:00
taca
e7dd07e03b www/ruby-rack-test06: re-add ruby-rack-test 0.6.3
Add ruby-rack-test package version 0.6.3 as ruby-rack-test06.
2019-03-03 14:35:21 +00:00
ryoon
62cd52bc4e Update to 65.0.2
* Sync with/firefox-65.0.2
2019-03-03 00:58:16 +00:00
ryoon
5e4399c095 Update to 65.0.2
Changelog:
fixed: Fixed an issue with geolocation services affecting Windows users
2019-03-03 00:57:29 +00:00
wen
c62d17da5e Update to 5.1
Upstream changelog please visit:
https://wordpress.org/news/2019/02/betty/
2019-03-02 14:30:14 +00:00
leot
f2094a5ea5 midori: Update to 8.0
Changes:
8.0
---
 Javascript changes confirmation and prompts use dialogs again
 Bug fixes in Urlbar completion and focus handling as well as Adblock filtering
 Headerbar enabled by default only under Budgie, GNOME and Patreon
 Re-introduced support for `--inactivity-reset`, `-e Fullscreen` and `-e ZoomIn`
 Initial support for cross-browser web extensions (not exposed in the GUI yet)
 Builds deps: Glib lowered to 2.46.2, Json-Glib and libarchive are now required
 Link to the bug tracker from the About dialog
 Correct handling of external URIs such as apt:
 Fixed installation path for appdata and plugins
 Support for building Midori on Android with Gradle
 Better internal distinction of errors from visiting pages
 Zoom indicators in the page menu and statusbar features extension
2019-03-02 11:01:55 +00:00
leot
f8da3fa9a3 webkit-gtk: Update to 2.22.7
pkgsrc changes:
 - Remove patch-Source_JavaScriptCore_dfg_DFGDoesGC.cpp, it was applied in
   2.22.7

Changes:
2.22.7
======
  - Fix rendering of glyphs in Hebrew (and possibly other languages) when
    Unicode NFC normalization is used.
  - Fix several crashes and race conditions.
2019-03-01 18:53:17 +00:00
ryoon
8933e547fc Update to 1.15.9
Changelog:
Changes with nginx 1.15.9                                        26 Feb 2019

    *) Feature: variables support in the "ssl_certificate" and
       "ssl_certificate_key" directives.

    *) Feature: the "poll" method is now available on Windows when using
       Windows Vista or newer.

    *) Bugfix: if the "select" method was used on Windows and an error
       occurred while establishing a backend connection, nginx waited for
       the connection establishment timeout to expire.

    *) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives
       in the stream module worked incorrectly when proxying UDP datagrams.
2019-03-01 18:07:04 +00:00
adam
bc085b513d py-django-cors-headers: updated to 2.4.1
2.4.1:
* Fix DeprecationWarning from importing collections.abc.Sequence on
  Python 3.7.
2019-03-01 12:48:09 +00:00
adam
4928f018ca py-paste: updated to 3.0.7
3.0.7:
* Send bytestrings when writing chunks from paste/httpserver.py.
2019-03-01 08:50:54 +00:00
schmonz
51b28d1d38 Add dependency on p5-LWPx-ParanoidAgent. Ride recent version bump. 2019-02-28 22:20:01 +00:00
schmonz
3bfdd54f74 Update to ikiwiki. From the changelog:
* aggregate: Use LWPx::ParanoidAgent if available.
  Previously blogspam, openid and pinger used this module if available,
  but aggregate did not. This prevents server-side request forgery or
  local file disclosure, and mitigates denial of service when slow
  "tarpit" URLs are accessed.
  (CVE-2019-9187)
* blogspam, openid, pinger: Use a HTTP proxy if configured, even if
  LWPx::ParanoidAgent is installed.
  Previously, only aggregate would obey proxy configuration. If a proxy
  is used, the proxy (not ikiwiki) is responsible for preventing attacks
  like CVE-2019-9187.
* aggregate, blogspam, openid, pinger: Do not access non-http, non-https
  URLs.
  Previously, these plugins would have allowed non-HTTP-based requests if
  LWPx::ParanoidAgent was not installed. Preventing file URIs avoids local
  file disclosure, and preventing other rarely-used URI schemes like
  gopher mitigates request forgery attacks.
* aggregate, openid, pinger: Document LWPx::ParanoidAgent as strongly
  recommended.
  These plugins can request attacker-controlled URLs in some site
  configurations.
* blogspam: Document LWPx::ParanoidAgent as desirable.
  This plugin doesn't request attacker-controlled URLs, so it's
  non-critical here.
* blogspam, openid, pinger: Consistently use cookiejar if configured.
  Previously, these plugins would only obey this configuration if
  LWPx::ParanoidAgent was not installed, but this appears to have been
  unintended.
* po: Always filter .po files.
  The po plugin in previous ikiwiki releases made the second and
  subsequent filter call per (page, destpage) pair into a no-op,
  apparently in an attempt to prevent *recursive* filtering (which as
  far as we can tell can't happen anyway), with the undesired effect
  of interpreting the raw .po file as page content (e.g. Markdown)
  if it was inlined into the same page twice, which is apparently
  something that tails.org does. Simplify this by deleting the code
  that prevented repeated filtering. Thanks, intrigeri
  (Closes: #911356)
2019-02-28 22:00:48 +00:00
adam
490543b508 py-pylint-django: updated to 2.0.6
Version 2.0.6:
- Updating dependency version of pylint-plugin-utils as pylint 2.3 release
  was not compatible
- Improvements to tox.ini
- Add support for new load_configuration hook of pylint
- 'urlpatterns' no longer reported as an invalid constant name
2019-02-28 09:24:59 +00:00
gutteridge
e83f81e5a0 Makefile: minor re-ordering 2019-02-28 03:24:52 +00:00
adam
0345cb435c py-uwsgi: updated to 2.0.18
uWSGI 2.0.18:
Fixed support for Python 3.7
Allow to use autoport (socket :0) with custom socket backlog
pyuwsgi ported to python3
pyuwsgi packages fixes
pyuwsginossl build configuration for building pyuwsgi without ssl support
Fix unix socket inheritance after reload on FreeBSD
Fix crashes with –wsgi-env-behavior=holy
Fix invalid free in python plugin
Fix compilation warnings with gcc-8
Fix spooler python references
Don’t generate build warnings in systemd_logger
Fix segmentation fault during worker shutdown
2019-02-27 12:15:54 +00:00
adam
5e64d819a7 py-test-django: updated to 3.4.8
3.4.8:
Fix DB renaming fixture for Multi-DB environment with SQLite
2019-02-27 12:07:14 +00:00
ryoon
cace62a974 Remove obsolete patch, noticed by leot@. Thank you. 2019-02-26 13:47:39 +00:00
rin
2e4c84bbdd Add support for NetBSD/aarch64 and arm.
This includes patches for third_party/rust/libc 2.43, which requires
hack to overwrite checksum fields in .cargo-checksum.json. These will
become unnecessary if libc >= 2.45 is imported.

For aarch64,

- python locks up randomly when "make configure"; see lib/54017:
http://gnats.netbsd.org/54017

- nodejs randomly(?) crashes sometimes.

However, if you are luckly enough ;-), you will have a working binary.

Bump revision.
2019-02-26 12:14:12 +00:00
adam
58b611b952 py-WSGIProxy2: updated to 0.4.6
0.4.6:
- PATCH added into (default) list of allowed methods
2019-02-26 11:27:17 +00:00
ryoon
d1f77318bc Update to 60.5.2
* Sync with www/firefox60-60.5.2
2019-02-26 11:24:47 +00:00
ryoon
0e9e214cdd Update to 60.5.2
Changelog:
60.5.2
Fixed a frequent crash when reading various Reuters news articles (bug 1505844)

60.5.1
#CVE-2018-18356: Use-after-free in Skia
#CVE-2019-5785: Integer overflow in Skia
#CVE-2018-18335: Buffer overflow in Skia with accelerated Canvas 2D

60.5.0
#CVE-2018-18500: Use-after-free parsing HTML5 stream
#CVE-2018-18505: Privilege escalation through IPC channel messages
#CVE-2018-18501: Memory safety bugs fixed in Firefox 65 and Firefox ESR 60.5
2019-02-26 11:23:53 +00:00
adam
87d4f62b09 py-websocket-client: updated to 0.55.0
0.55.0
- Add response headers in WebSocketBadStatusException
- Manually assigning WebSocket-Version
- SSL socket handling fix
- Let setup.py use the same license as LICENSE file
- Ensure that "timeout" is passed down, when calling WebSocket.connect()
- Retry connect on "Interrupted system call"
2019-02-26 10:37:10 +00:00
jperkin
a32bf52ce3 ruby-sass-listen: Fix path to ruby-rb-inotify. 2019-02-25 09:20:53 +00:00
adam
0b6748734d py-flask-caching: updated to 1.5.0
Version 1.5.0:
- Add support for a Redis Sentinel Cluster.
- Parameterize the hash function so alternatives can be used.
- Include the deprecated werkzeug.contrib.cache module in Flask-Caching.
2019-02-25 08:49:12 +00:00
adam
47a71aacfd py-django-extensions: updated to 2.1.6
Changes 2.1.6:
runserver_plus, auto_reloader fix for compatibility with Django 2.2
test, many many more tests :-)
2019-02-24 20:35:46 +00:00
taca
a681ca0696 www/drupal8: update to 8.6.10
Drupal 8.6.10 (2019-02-20)

Maintenance and security release of the Drupal 8 series.

This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the security announcement and notes below:

* Drupal core - Remote code execution - SA-CORE-2019-003

Sites on 8.5.x or earlier should update immediately to Drupal 8.5.11 instead,
and plan to update to the latest 8.6.x release before May 2019 (when 8.7.0 is
released and 8.5.x security coverage ends).

Important update information

For site owners

* In addition to the above fix, this release includes the fix for #3031740:
  Updating to 8.6.8 or 8.6.9 with Drush 8 causes data loss via
  update_fix_compatibility() to prevent Drush 8 issues for sites updating
  directly from an earlier security release.

* update.php must be run after updating to ensure changes from the patch take
  effect.

* No changes have been made to the .htaccess, web.config, robots.txt or
  default settings.php files in this release, so upgrading custom versions of
  those files is not necessary if your site is already on the previous
  release.

For module developers

Some contributed module tests may need to be updated if they extend core's
test suite, due to a minor API change in a test base class.
2019-02-24 16:31:39 +00:00
taca
22ef940c15 www/ruby-compass-import-once: update dependency to ruby-sass34
* Update dependency from www/ruby-sass to www/ruby-sass34.
* Add "USE_LANGUAGES= # none".

Bump PKGREVISION.
2019-02-24 16:26:21 +00:00
taca
0a42705cb3 www/ruby-compass-core: update dependency to ruby-sass34
* Update dependency from www/ruby-sass to www/ruby-sass34.
* Add "USE_LANGUAGES= # none".

Bump PKGREVISION.
2019-02-24 16:24:55 +00:00
taca
5f374d4b11 www/ruby-sass34: update to 3.4.25
3.4.25 (7 July 2017)

* Fix a bug where * wouldn't always be eliminated during selector unification.

Deprecations -- Must Read!

* Extending compound selectors such as .a.b is deprecated. This never followed
  the stated semantics of extend: elements that match the extending selector
  are styled as though they matches the extended selector.

* When you write h1 {@extend .a.b}, this should mean that all h1 elements are
  styled as though they match .a.b¡½that is, as though they have class="a b",
  which means they'd match both .a and .b separately. But instead we extend
  only selectors that contain both .a and .b, which is incorrect.

* Color arithmetic is deprecated. Channel-by-channel arithmetic doesn't
  correspond closely to intuitive understandings of color. Sass's suite of
  color functions are a much cleaner and more comprehensible way of
  manipulating colors dynamically.

* The reference combinator, /foo/, is deprecated since it hasn't been in the
  CSS specification for some time.

* The old-style :name value property syntax is deprecated. This syntax is not
  widely used, and is unnecessarily different from CSS.
2019-02-24 16:22:26 +00:00
taca
0e255255ad www/ruby-sass: update to 3.7.3
3.7.3 (4 January 2019)

* Emit escaped tab characters in identifiers as \9 rather than a backslash followed by a literal tab.

3.7.2 (8 November 2018)

* Fix more escaped-whitespace edge cases.

3.7.1 (7 November 2018)

* Properly handle escaped whitespace and other unusual characters.

3.7.0 (6 November 2018)

* Add support for CSS's min() and max() math functions. A min() and max() call will continue to be parsed as a Sass function if it involves any Sass-specific features like variables or function calls, but if it's valid plain CSS (optionally with interpolation) it will be emitted as plain CSS instead.

  See the proposal for details.

* Add support for range-format media features like (10px < width < 100px). See the proposal for details.
* Normalize escape codes in identifiers so that, for example, «±clair and \E9clair are parsed to the same value. See the proposal for details.

Backwards Incompatibilities -- Must Read!

* Percentages passed as $alpha arguments to rgba() and hsla() are now interpreted according to the spec, and all other units are disallowed.

3.6.0 (19 September 2018)

* Add support for importing an _index.scss or _index.sass file when importing a directory.

Backwards Incompatibilities -- Must Read!

* Tokens such as #abcd that are ambiguous between ID strings and hex colors with an alpha channel are now parsed as colors.

3.5.7 (18 July 2018)

* Add a post-install message indicating that Ruby Sass is deprecated.
* Properly emit an error when an empty block is passed to a mixin that doesn't use @content.

3.5.6 (22 March 2018)

* Allow ! in custom property values.

* var() may now be passed in place of multiple arguments to rgb(), rgba(), hsl() and hsla().
* Don't crash on custom properties that aren't followed by semicolons.
* Don't crash when normalizing numbers with complex units.
* Don't crash on $x % 0.

3.5.5 (4 January 2018)

* Emit a warning when && is used, since it's probably not what the user means.
* Add a suggested replacement for extended compound selectors.
* Fix a bug where an unparseable selector produced an unuseful error.

3.5.4 (15 December 2017)

* round() now returns the correct results for negative numbers that should round down.

* Avoid thread-unsafely modifying $stderr.

3.5.3 (26 October 2017)

* Generate correct source maps for map literals.

3.5.2 (4 October 2017)

* Properly parse CSS variables that begin with interpolation (for example, --#{$foo}: ...).

3.5.1 (13 July 2017)

* Avoid conflicts with the listen gem.

3.5.0 (12 July 2017)

* Default to ten digits of numeric precision.
* Combine ids and :root when unifying selectors with @extend and selector functions.
* It's no longer an error to @extend a selector that exists in the stylesheet, but for which unification fails.
* Add a $weight parameter to invert().
* The last argument in an argument list can now have a trailing comma.
* Allow var() to be passed to rgb(), rgba(), hsl(), and hsla().
* Add support for the ::slotted() pseudo-element.
* Add support for CSS's grid template areas and named lines. We support this syntax through a new type of list called a "bracketed list". Bracketed lists can be created by wrapping a list with square brackets. For example: [this is bracketed] and [this, is, also, bracketed]. Bracketed lists will output their square brackets when used as a CSS value. Bracketed lists may be either space-separated or comma-separated. The is-bracketed() function, when passed a list will return a boolean indicating whether that list will output with brackets. The join() function now accepts a $bracketed parameter that controls whether the returned list has brackets.
* A new function content-exists() will return true when called within a mixin that was passed content for use by the @content directive.
* Passing a string to call($function-name, $args...) indicating which function to invoke is now deprecated. Instead pass a function reference returned from get-function($function-name). This allows function name resolution to be performed in the correct lexical context and then invoked in a different context. This is required so that the module-based resolver in Sass 4.0 will invoke the correct function when calling across module boundaries. Developers of frameworks that use call should not do the function lookup for callers of their framework; this is likely to result in a situation where the framework cannot resolve the function in 4.0.
* Values that can be interpreted as hex colors with alpha channels and also as ID values, such as #abcd, now emit deprecation warnings in preparation for being parsed differently Sass 3.6. They were previously parsed as strings, and in 3.6 they will be parsed as colors instead.
* Pseudo selectors that take arguments now allow any [<declaration-value>][declaration-value] production in their argument list. This will provide better forwards-compatibility for future CSS syntax.
* Pseudo selectors that take selectors as arguments will no longer always be eliminated if they contain placeholder selectors that aren't extended. Instead, they'll be reduced to valid CSS selectors if possible.
* Generated transparent colors will now be emitted as rgba(0, 0, 0, 0) rather than transparent. This works around a bug wherein IE incorrectly handles the latter format.
* The indented syntax now allows different indentation to be used for different lines, as long as they define a consistent tree structure.

Backwards Incompatibilities -- Must Read!

* The way CSS variables are handled has changed to better correspond to the CSS spec. They no longer allow arbitrary SassScript in their values; instead, almost all text in the property values will be passed through unchanged to CSS. The only exception is #{}, which will inject a SassScript value as before.
2019-02-24 16:18:52 +00:00
taca
eb09b4d0e1 www/Makefile: add and enable ruby-sass34 2019-02-24 16:12:36 +00:00
taca
50aed6b1cd www/ruby-sass34: add ruby-sass 3.4.24 as ruby-sass34
Add ruby-sass 3.4.24 package as ruby-sass34.
2019-02-24 16:11:45 +00:00
taca
253825f706 www/Makefile: add and enable ruby-sass-rails 2019-02-24 16:04:12 +00:00
taca
95bea03c15 www/ruby-sass-rails: add package version 5.0.7
Add ruby-sass-rails package version 5.0.7 which covers Ruby on Rails 4.2
and later.


Sass adapter for the Rails asset pipeline.

This gem provides official integration for Ruby on Rails projects with the
Sass stylesheet language.
2019-02-24 16:03:44 +00:00
taca
a952477433 www/Makefile: add and enable ruby-sass-listen 2019-02-24 15:51:52 +00:00
taca
2024a14dac www/ruby-sass-listen: add version 4.0.0 package
This fork of guard/listen provides a stable API for users of the ruby Sass CLI.

Listen

The Listen gem listens to file modifications and notifies you about the changes.

Features

* OS-optimized adapters on MRI for Mac OS X 10.6+, Linux, \*BSD and Windows,
  [more info](#listen-adapters) below.
* Detects file modification, addition and removal.
* You can watch multiple directories.
* Regexp-patterns for ignoring paths for more accuracy and speed
* Increased change detection accuracy on OS X HFS and VFAT volumes.
* Tested on MRI Ruby environments (2.0+ only) via
  [Travis CI](https://travis-ci.org/guard/listen).
2019-02-24 15:50:25 +00:00
leot
fb7889f9fe www: Add tscrape 2019-02-22 21:24:19 +00:00
leot
de5b623b83 tscrape: Import tscrape-0.1 as www/tscrape
tscrape reads the Twitter HTML page and scrapes the data into a
TAB-separated format to stdout.
2019-02-22 21:23:29 +00:00
gutteridge
349388fe27 firefox: libwebp >= 1.0.1 is now explicitly required
Note explicit dependency on libwebp >= 1.0.1. (libwebp itself doesn't
merit a general bump in its buildlink3.mk file, since according to its
change log, there are no incompatibilities added.) No PKGREVISION bump,
since either this previously built with the newer version of libwebp in
the current pkgsrc tree, or it failed to meet the dependency.
2019-02-21 23:56:51 +00:00
maya
27d1c6ecd0 webkit-gtk: backport upstream patch. security fix.
Subject: [PATCH] Fix DFG doesGC() for CompareEq/Less/LessEq/Greater/GreaterEq
 and CompareStrictEq nodes. https://bugs.webkit.org/show_bug.cgi?id=194800
 <rdar://problem/48183773>

Reviewed by Yusuke Suzuki.

Fix doesGC() for the following nodes:

    CompareEq:
    CompareLess:
    CompareLessEq:
    CompareGreater:
    CompareGreaterEq:
    CompareStrictEq:
        Only return false (i.e. does not GC) for child node use kinds that have
        been vetted to not do anything that can GC.  For all other use kinds
        (including StringUse and BigIntUse), we return true (i.e. does GC).

* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):


This was published alongside with exploit code claiming it is remote
code execution, but I don't understand what the exploit is doing.

bump PKGREVISION
2019-02-21 18:52:15 +00:00
adam
4e6614917e py-django-js-asset: updated to 1.2.2
1.2.2:
Unknown changes
2019-02-21 16:25:13 +00:00
ryoon
adbc29e20c Update to 15.0.4
Changelog:
15.0.4
Changes
    Make external storages browsable again in the web UI (server#14076)

15.0.3
Changes
    Upload new files in objectstore to a .part path first (server#13036)
    Broker: add timezone to CANCEL messages (server#13384)
    Add strengthify.min files (server#13546)
    Fix click app names (server#13575)
    Principals can be principal/user/ or principal/ from lega… (server#13582)
    Correctly handle displaynames returned from the sharee API (server#13585)
    Don't close input stream when writing in encrypted file (server#13588)
    Bump pear/archive_tar to 1.4.5 (server#13598)
    Fix integer background job id type error (server#13609)
    Fix user settings label translation (server#13611)
    Fix app navigation flickering on hover (server#13625)
    Update URL for federation (server#13636)
    Fix colorizeSvg with transformations that contain a comma (,) (server#13653)
    Use warning background color & primary text color for setting warnings (server#13665)
    Fix template paramter (server#13670)
    Cache tokens when using swift's v2 authentication (server#13740)
    Cleanup shared lock if changing to exclusive lock failed (server#13744)
    Honor remember_login_cookie_lifetime (server#13758)
    Fix integration of social sharing into the link popover menu (server#13761)
    Respect user locale in natural sort comparator (server#13762)
    Call proper function when fetching link shares in the breadcrumb view (server#13769)
    Add acceptance tests for moving and copying files (server#13771)
    Show proper default locale (server#13781)
    Ignore non existing users when retrieving details of group members (server#13792)
    Remove .css fileending from accessibility user css route (server#13793)
    Add icon to restore activity (server#13794)
    Fix long comment in dark theme (server#13804)
    Bump bower from 1.8.4 to 1.8.8 in /build (server#13821)
    Fix for high contrast theme (server#13852)
    Always use multipart uploader for s3 uploads (server#13882)
    Fix paged search with multiple bases (LDAP) (server#13884)
    Fix dropping a folder on a folder row (server#13887)
    Fix updating the password of a link share when passwords are enforced (server#13900)
    Add fallback for trashbin original location (server#13904)
    Allow shared versions again in legacy backend (server#13905)
    Improve data directory write checking for NFS mounts (server#13906)
    Clean pending 2FA authentication on password reset (server#13915)
    Forward error message from password policy (server#13918)
    Remove warning in case of external storage error (server#13920)
    Handle mail send error gracefully (server#13930)
    Bump pear/archive_tar from 1.4.3 to 1.4.5 (3rdparty#214)
    Move to SCSS and fix app icon for dark theme (activity#338)
    Fill screen in fullscreen mode for public videos. Fixes #77 (files_videoplayer#79)
    Use target="_blank" and rel="noreferrer noopener" (firstrunwizard#105)
    Fix notification documentation to reflect recent changes (notifications#258)
2019-02-20 15:13:04 +00:00
ryoon
e8ebc3dfb8 Update to 0.54.0
Changelog:
Enhancements
Templates

    Adjust tests ddc6d4e3 @bep #5643
    Prevent getJSON and getCSV fetch failure from aborting build 6a2bfcbe @anthonyfok #5643

Core

    Expand TestPageWithEmoji to cover '+', '-' and '_' too 2a9060a8 @anthonyfok #5635
    Restore 0.48 slash handling in taxonomies 40ffb048 @bep #5571

Other

    Use official semver even for main releases fab41f42 @bep #5639
    Add test for --configDir 59d87044 @bep #5662
    Ignore unknown config files in config dir 3244cb3b @bep #5646
    Store supported config formats in a variable d9282cf9 @tryzniak
    Bump to Go 1.11.5 8ed2a1ca @bep #5654
    Update Afero e8596139 @bep #5650
    Accept hyphen and plus sign in emoji detection 3038464e @anthonyfok #5635
    Support numeric sort in ByParam 26f75edb @tryzniak #5305
    Make hugo server -t work again db3c49d0 @tryzniak #5569#5061#4868
    Add configFile(s) back to the watch list after RENAME event too e3cb8e6c @anthonyfok #5205
    Remove historical rssURI config 55251aa8 @mywaiting
    Use subtests with server_test.go 843fcd19 @tryzniak
    Move resource interfaces into its own package ce8a09a4 @bep
    Move resource processors into sub-packages 669ada43 @bep
    Update _index.md 50745122 @vrMarc
    Update go.sum 0584432b @bep
    Update Chroma cc351958 @bep #4993
    Make docshelper run again c24f3ae2 @bep #5568

Fixes
Templates

    Fix reflect 9e4f9e0b @moorereason #5564

Other

    Fix some inline shortcode issues c52045bb @bep #5645#5653
    Fix OpenGraph image fallback to site params 526b5b1c @statik
    Fix Params case handling in the new site global e1a66c73 @bep #5615
    cache/namedmemcache: Fix data race 3f3187de @bep
2019-02-19 17:32:01 +00:00
ryoon
38d5f0d2fe Update to 65.0.1
* Sync with www/firefox-65.0.1
* Remove obsolete MESSAGE file
2019-02-19 15:25:46 +00:00
ryoon
d43ab5c3b9 Update to 65.0.1
Changelog:

Fixed
    Fixed accidental requests to addons.mozilla.org when an addon recommendation doorhanger is shown (bug 1526387)

    Improved playback of interactive Netflix videos (bug 1524500)

    Fixed color management not working on macOS (bug 1506495)

    Fixed incorrect sizing of the "Clear Recent History" window in some situations (bug 1523696)

    Fixed audio & video delays while making WebRTC calls (bug 1521577 & bug 1523817)

    Fixed video sizing problems during some WebRTC calls (bug 1520200)

    Fixed looping CONNECT requests when using WebSockets over HTTP/2 from behind a proxy server (bug 1523427)

    Fixed the "Enter" key not working on password entry fields for certain Linux distributions (bug 1523635)

    Various stability and security fixes.

Security fixes:
#CVE-2018-18356: Use-after-free in Skia
#CVE-2019-5785: Integer overflow in Skia
#CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
2019-02-19 15:23:53 +00:00
adam
0859119e88 py-soupsieve: updated to 1.8
1.8.0
NEW: Add custom selector support.
FIX: Small tweak to CSS identifier pattern to ensure it matches the CSS specification exactly. Specifically, you can't have an identifier of only -.
FIX: CSS string patterns should allow escaping newlines to span strings across multiple lines.
FIX: Newline regular expression for CSS newlines should treat \r\n as a single character, especially in cases such as string escapes: \\\r\n.
FIX: Allow -- as a valid identifier or identifier start.
FIX: Bad CSS syntax now raises a SelectorSyntaxError, which is still currently derived from SyntaxError, but will most likely be derived from Exception in the future.
2019-02-19 09:43:56 +00:00
adam
ad3cb6c9a3 py-test-httpbin: updated to 1.0.0
v1.0.0:
Update included self-signed cert to include IP address in SAN. Full version bump because this could be a breaking change for those depending on the certificate missing the IP address in the SAN (as it seems the requests test suite does)
Only use @pytest.fixture decorator once
Fix a few README typos
2019-02-18 11:47:11 +00:00
adam
22c3434027 py-raven: updated to 6.10.0
6.10.0
[Core] Fixed stackframes in some situations being in inverse order.
[Flask] Fix wrong exception handling logic (accidentally relied on Flask internals).
[Core] No longer send NaN local vars as non-standard JSON.
2019-02-18 11:44:22 +00:00
adam
f4b35f2fb2 py-httplib2: updated to 0.12.1
0.12.1
* Catch socket timeouts and clear dead connection
* Officially support Python 3.7 (package metadata)
2019-02-17 08:59:28 +00:00
bsiegert
c59196b93a Update caddy to 0.11.4.
0.11.4 (February 15, 2019)

  * New -json-to-caddyfile and -caddyfile-to-json flags
  * Fix leaking logging goroutine on SIGUSR1
  * basicauth: Error is logged when authentication fails
  * proxy: Fix bug by re-adding pre-existing trailing slashes
  * tls: Fix bug related to certificate storage path

0.11.3 (February 5, 2019)

  * New {server_port} placeholder
  * New third-party plugin: extauth
  * New flags -log-roll-mb and -log-roll-compress
  * basicauth: Bypass for OPTIONS method
  * errors/log: Ability to disable log rolling
  * proxy: New subdirective 'ca_certificates'
  * staticfiles: Require GET method to serve static files
  * tls: Fixes to self-signed certs, IP certs, email prompts, & more
  * SOLVED REGRESSIONS: #2356, #2414
  * A number of other important fixes and improvements

0.11.2 (January 16, 2019)

  * Extracted automagic TLS code into CertMagic library
  * Add support for new clustering plugins
  * New placeholder: '{when_iso_local}'
  * New third-party plugins: s3browser, filebrowser
  * Removed third-party plugins: jekyll, hugo
  * bind: Support multiple interface values
  * import: Can now be used within directive blocks
  * proxy: Status 499 when clients close connection early
  * templates: No longer emit ETag and Last-Modified headers
  * tls: Support for the ACME TLS-ALPN-01 challenge
  * KNOWN/UNRESOLVED REGRESSIONS: #2356, #2414
  * Several bug fixes and minor improvements

0.11.0

This release has been about 6 months in the making! Featuring an integrated
telemetry client, you can now view stats about your Caddy instance and
contribute to Internet research. Telemetry is entirely optional. Read the blog
post and telemetry docs for more information, and check out our global stats!
You can also look up details about your own instances there.

Full change list:

  * Built with Go 1.10.2
  * Integrated optional telemetry client
  * proxy: Fixed file descriptor leak

0.10.14

  * tls: Fix error handling bug when obtaining certificates

0.10.13

Caddy 0.10.13 is a minor release that fixes security flaws in TLS client
authentication and On-Demand TLS. It is recommended that everyone relying on
these capabilities upgrade. This release also has bug fixes for the Caddyfile
parser (caught by fuzzing) and handling errors when a certificate could not be
obtained via ACME.

Do not use this version, it cannot obtain certificates due to a bug. Version
0.10.14 fixed this.

Change list:

  * New third-party plugin: supervisor
  * Updated QUIC
  * proxy: Fix transparent pass-thru of X-Forwarded-For
  * proxy: Configurable timeout to upstream
  * rewrite: Now supports regular expressions on single-line
  * tls: StrictHostMatching mode to prevent client auth bypass
  * tls: Disable client auth when using QUIC
  * tls: Require same client auth cert pools per hostname
  * tls: Prevent On-Demand TLS directory traversal
  * tls: Fix empty files when using ACME fails to obtain cert
  * Fixed test broken by 1.1.1.1 resolving
  * Improved Caddyfile parser robustness by fuzzing

0.10.12

This release brings ACMEv2 and wildcard certificate support!

Read the release announcement blog post for details. There's some things in
there you should know, including a description of how some really cool features
work.

Thanks to everyone who contributed to this release!

Change list:

  * Switch to Let's Encrypt ACMEv2 production endpoint
  * Support for automated wildcard certificates
  * Support distributed solving of HTTP-01 challenge
  * New {labelN}, {tls_cipher}, and {tls_version} placeholders
  * Curly braces can now be escaped when not used as placeholders
  * New third-party plugin: geoip
  * Updated QUIC
  * fastcgi: Add SSL_CIPHER and SSL_PROTOCOL environment variables
  * log: New 'except' subdirective to exempt paths from logging
  * startup/shutdown: Removed in favor of 'on'
  * tls: Default minimum version is TLS 1.2
  * tls: Revert to fallback cert if no cert matches SNI
  * tls: New 'wildcard' subdirective to force automated wildcard cert
  * Several significant bug fixes and improvements!
2019-02-16 19:20:52 +00:00
adam
cbf85e164f py-WebTest: updated to 2.0.33
2.0.33:
- Fixed 210. Allow to reset select multiple with field.value = []
- Support for PYTHONOPTIMIZE=2, fix tests on PYTHONOPTIMIZE=1, 2
- Fixed 196. Fix deprecation warnings for collections to use
  collections.abc for Iterable on Python 3.
2019-02-15 13:01:22 +00:00
wiz
15fbc14701 py-google-api-python-client: update to 1.7.8.
v1.7.8
  Version 1.7.8

  Bugfix release
  - Convert '$' in method name to '_' ([#616](https://github.com/googleapis/google-api-python-client/pull/616))
  - Alias unitest2 import as unittest in test__auth.py ([#613](https://github.com/googleapis/google-api-python-client/pull/613))

v1.7.7
  Version 1.7.7

    Bugfix release
    - Change xrange to range ([#601](https://github.com/google/google-api-python-client/pull/601))
    - Typo in http.py exception message. ([#602](https://github.com/google/google-api-python-client/pull/602))

    - Announce deprecation of Python 2.7 ([#603](https://github.com/google/google-api-python-client/pull/603))
    - Updates documentation for stopping channel subscriptions ([#598](https://github.com/google/google-api-python-client/pull/598))
    - Adding example for searchAppearance ([#414](https://github.com/google/google-api-python-client/pull/414))

    - Add badges ([#455](https://github.com/google/google-api-python-client/pull/455))
2019-02-14 10:25:07 +00:00
wiz
09876f9fc3 py-mechanize: update to 0.4.0.
Changes not found.
2019-02-13 20:19:06 +00:00
adam
278d85a2fd py-channels: updated to 2.1.7
2.1.7:
* HTTP request body size limit is now enforced
* database_sync_to_async now closes old connections before it runs code
* Auth middleware closes old connections before it runs
2019-02-13 15:57:01 +00:00
adam
3d67758b4d py-daphne: updated to 2.2.5
2.2.5:
* WebSocket handshakes are now affected by the websocket connect timeout, so
  you can limit them from the command line.
* Server name can now be set using --server-name
2019-02-13 15:55:41 +00:00
adam
7808ab7776 py-django-js-asset: updated to 1.2.1
1.2:
Reformatted the code using Black.
Added equality of JS() objects to avoid adding the same script more than once in the same configuration.
Determine the static callable at module import time, not each time a static path is generated.
Customized the repr() of JS() objects.
Added Python 3.7 and Django 2.2 to the test matrix.
2019-02-12 13:22:49 +00:00
adam
88bec9ef89 py-django-admin-rangefilter: updated to 0.3.12
0.3.12:
- Added russian translation
2019-02-12 13:21:28 +00:00
kleink
0b57ff26a9 drraw: SUBST_SED -> SUBST_VARS. 2019-02-12 13:20:46 +00:00
adam
a3052de4cb py-django2: updated to 2.1.7
2.1.7:
Bugfixes
Corrected packaging error from 2.1.6

2.1.6:
CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()¶

If django.utils.numberformat.format() – used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters – received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format().

To avoid this, decimals with more than 200 digits are now formatted using scientific notation.

Bugfixes
Made the obj argument of InlineModelAdmin.has_add_permission() optional to restore backwards compatibility with third-party code that doesn’t provide it
2019-02-12 13:16:07 +00:00
adam
27a82968a9 py-django: updated to 1.11.20
1.11.20:
Bugfixes
Corrected packaging error from 1.11.19

1.11.19:
CVE-2019-6975: Memory exhaustion in django.utils.numberformat.format()

If django.utils.numberformat.format() – used by contrib.admin as well as the the floatformat, filesizeformat, and intcomma templates filters – received a Decimal with a large number of digits or a large exponent, it could lead to significant memory usage due to a call to '{:f}'.format().

To avoid this, decimals with more than 200 digits are now formatted using scientific notation.
2019-02-12 13:11:56 +00:00
leot
2439ba9864 webkit-gtk: Update to 2.22.6
pkgsrc changes:
 - Set USE_GCC_RUNTIME to depends on gcc6-libs when pkgsrc gcc is used
   (XXX: Not tested and not clear if currently mk/compiler/gcc.mk DTRT
    XXX: regarding (if not, that's probably why firefox/mozilla-common.mk
    XXX: abuses USE_PKGSRC_GCC_RUNTIME!))

Changes:
WebKitGTK+ 2.22.6
=================
 - Make kinetic scrolling slow down smoothly when reaching the ends of
   pages, instead of abruptly, to better match the GTK+ behaviour.
 - Fix Web inspector magnifier under Wayland.
 - Fix garbled rendering of some websites (e.g. YouTube) while scrolling
   under X11.
 - Fix several crashes, race conditions, and rendering issues.
2019-02-09 11:29:44 +00:00
wen
cc877d3263 Update to 7.64
Upstream changes:
Major changes since 7.63:

    Issue #3018637 by emilymoi, das-peter: [regression] Unset the 'host' header in drupal_http_request() during redirect
    Compatibility fixes for PHP 7.3 (#3020771)
    Compatibility fixes for MySQL 5.7 (#2981248)

All changes since 7.63:

    #1430934 by johnish@gmail.com, DamienMcKenna, Berdir, malcomio, Dane Powell, zerolab, er.pushpinderrana, akosipax, njbarrett, Fabianx, alesr, David_Rothstein, littledynamo, das-peter: Notice: Undefined index: display_field in file_field_widget_value() (line 582 of /module/file/file.field.inc)
    #1470656 by Damien Tournoud, joseph.olstad, Pol, Fabianx, catch: Registry rebuild should not parse the same file twice in the same request
    #3028364 by Pol, Fabianx: Update function _registry_update() and move module_implements() and _registry_check_code() calls out of the try/catch
    #3018637 by emilymoi, das-peter: [regression] Unset the 'host' header in drupal_http_request() during redirect
    #3026529 by alexpott: 7.x does not have Phar protection and Phar tests are failing on Drupal 7
    #2482549 by Pol, marcelovani, ndf, drupal@guusvandewal.nl, TR, jenlampton, kaidjohnson, ufku, MiSc, David_Rothstein, RobLoach, pablo.guerino, afoster, geerlingguy, SebCorbin, joelpittet, JohnAlbin: Fix up commit - convert short array styles to long.
    #3023066 by Pol, mfb: [PHP 7.3] Fix BootstrapMiscTestCase::testCheckMemoryLimit() notice
    #2482549 by Pol, marcelovani, ndf, drupal@guusvandewal.nl, jenlampton, ufku, kaidjohnson, MiSc, David_Rothstein, RobLoach, SebCorbin, geerlingguy, pablo.guerino, JohnAlbin, joelpittet, afoster: Ignore node_module folder in core to use Drupal with npm/grunt/nodejs
    #3020771 by Ayesh, Pol, sjerdo: [PHP 7.3] strpos explicit string needle warnings
    #2981248 by mfb, LFP6, msti: MySQL 5.7 incompatibility in system upgrade 7061
2019-02-09 00:15:53 +00:00
wen
8db45b3a5c Update to 8.6.9
Remove the patch that included in upstream

Upstream changes:
8.6.7:
This is a hotfix release for a regression affecting some Drush installations that was introduced by the fix for SA-CORE-2019-002. No other fixes are included.

8.6.8:
Changes since 8.6.7

    #2975539 by mondrake, alexpott, marcoscano, desierto: Changing machine name of image style leads to WSOD when loading widgets that used the old name
    #2859315 by quietone, heddn, jhodgdon: SQL error from profile_fields when migrating d6 (or d7) to d8 without Profile module
    #2443165 by davidwbarratt, amateescu, HOG, kostyashupenko, yched, Berdir, andypost, alexpott, tstoeckler, xjm: Drupal\Core\Entity\EntityInterface\ContentEntityStorageBase::doCreate() assumes that the bundle is a string
    #2849074 by decafdennis, alexpott, zuuperman, AdamPS, sagesolutions, tucho, xjm: SiteConfigureForm overrides value from install profile
    #3007716 by Sam152, kevin.dutra, jhedstrom, larowlan: Security update introduces breaking changes to content moderation
    #2215857 by michielnugter, Lendude, gmercer, tim.plunkett, cferthorney, marabak, olli, ericmulder1980, TwoD, sanduhrs, stella, dww, nod_: Behaviors get attached to removed forms
    #3017812 by ibustos, joachim: Language selector is immune to hook_entity_field_access in entity forms
    #2900883 by larskhansen, GaëlG, kalyansamanta, Chi, tim.plunkett, Gábor Hojtsy, joachim: Wrong documentation of Drupal\Component\Plugin\Derivative\DeriverInterface::getDerivativeDefinitions()
    #3027595 by amateescu, pmelab: Incorrect blacklist condition in WorkspaceManager
    #2725259 by sardara, andrewmacpherson, claudiu.cristea, tedbow, alwaysworking, droplet, techmsi, kwoxer, xjm, alexpott, lauriii, catch, cilefen, Cottser: [regression] Table Drag handles no longer respond to up/down arrow keys
    Revert "Issue #2725259 by sardara, andrewmacpherson, claudiu.cristea, tedbow, alwaysworking, droplet, techmsi, kwoxer, xjm, alexpott, @catch, @cilefen, @Cottser, @lauriii: [regression] Table Drag handles no longer respond to up/down arrow keys"
    #2725259 by sardara, andrewmacpherson, claudiu.cristea, tedbow, alwaysworking, droplet, techmsi, kwoxer, xjm, alexpott, @catch, @cilefen, @Cottser, @lauriii: [regression] Table Drag handles no longer respond to up/down arrow keys
    #2937073 by tim.plunkett, Saviktor, tedbow: Improve robustness of FieldBlockTest
    #2973713 by quietone, Adita, etecjdo, apmsooner, mikeryan, gnuschichten, tstoeckler: cache_key source plugin configuration not documented
    #2949555 by quietone, ankitjain28may: Correct the documentation on method UserMigrationClassTest
    #3025685 by quietone: Add error msg to assertions in MigrateSourceTestBase
    #3026840 by izus: Fix plural typo in workspaces field
    #3024452 by kfritsche, hchonov, alexpott: DatabaseStorageExpirable:setWithExpireIfNotExists is not respecting expired
    #2999908 by penyaskito: View more link in recipe cards is not fully translated
    #3028819 by alwaysworking: Update username
    #2916021 by d.olaresko, wengerk, Chi, xjm, dawehner, idebr: Update "Running tests" section in core.api.php
    #2953995 by kjay, starshaped, rachel_norfolk, Vidushi Mehta, cferthorney, HAL 9000, Eli-T, markconroy, steveparks: Update the Umami Vegan Chocolate Brownie recipe
    #3028608 by danharper, Eli-T, markconroy, Not Real: Umami - favicon
    #2940027 by jmsosso: Add change record to @deprecated for AccountInterface
    #2995150 by msankhala, tim.plunkett: Command examples in core/tests/README.md are confusing and not executable
    #3024184 by seanB, andrewmacpherson, Kristen Pol: Make the tabbing order match the visual reading order in MediaLibraryWidget
    #2668416 by Krzysztof Domański, wheatpenny, Lendude, alexpott: Wrong assert in NodeTitleTest
    #2981870 by Lendude, alexpott: Duplicate BrokenSetUpTest for BrowserTestBase
    #2809513 by Lendude, brentgees: Convert AJAX part of \Drupal\responsive_image\Tests\ResponsiveImageFieldUiTest to JavascriptTestBase and the rest to BrowserTestBase
    #3027574 by tuutti: SqlContentEntityStorage no longer update entities with certain (id) fields
    #3026043 by Berdir: ConfigEntityBase::__sleep() serializes plugin instances if they were not previously initialized
    #3021395 by quietone, alexpott: MigrateDrupalTestBase::migrateContent(['translations') does not migrate translations
    Revert "Issue #3003238 by Sam152, amateescu, Berdir: EntityStorageException: Default revision can not be deleted in content_moderation_entity_revision_delete()"
    #2987418 by quietone, Kristen Pol: Rename MigrateUpgrade tests
    #3003238 by Sam152, amateescu, Berdir: EntityStorageException: Default revision can not be deleted in content_moderation_entity_revision_delete()
    #3026470 by alexpott, jrockowitz, Joseph Zhao: ArchiveTar is throwing fatal error
    Merged 8.6.7.
    Merged 8.6.6.
    #3015992 by Krzysztof Domański, alexpott, larowlan: Not affecting spacing in PhpTransliterationTest
    #2998769 by kiamlaluno, quietone, kkalaskar: @see directive used in the wrong place outputs the wrong HTML markup
    #3000677 by catch, Shane Birley, featherbelly, alexpott, larowlan: Fatal error after upgrade to 8.6x [due to regression in extension system]
    #2955457 by pfrenssen, Chewie, unrealauk, alexpott, Pol: ConfigFactory static cache gets polluted with data from config overrides
    #3020142 by mglaman, tim.plunkett: Test module no_transitions_css has invalid hook_page_attachments
    #3007973 by tim.plunkett, lukasss, xopoc, bnjmnm, stompersly: Layout builder prevents the rendering of extra fields (like Links) on pages not using Layout Builder
    #3024259 by Pol, alexpott: [PHP 7.3] Fix EnvironmentTest::providerTestCheckMemoryLimit() notice
    #3023747 by mikelutz, heddn: D6 profile migrations assume stubs, which fail
    #2978922 by brathbone, philipnorton42, msankhala, hardikpandya, alexpott, siliconmeadow: Improve batch_process() documentation
    #2845975 by quietone, Jo Fitzgerald, aleevas, maxocub, Gábor Hojtsy: Migrate Drupal 6 user profile field value option translations
    #2701829 by alexpott, andypost, Soul88, Graber, Eduardo Morales, dawehner, pingwin4eg, catch, Berdir, jibran, httang12: Extension objects should not implement \Serializable
    #2693727 by mikelutz, sanduhrs, CalebD, ajlib, Lendude, tstoeckler, catch: Limiting options for exposed Language filters causes errors and doesn't work for special languages

8.6.9:
Changes since 8.6.8:

    #2215857 followup by gaydamaka, timmillwood, alexpott, lauriii: Regression on Internet Explorer 11
    #3031128 by alexpott, TrevorBradley, indigoxela, catch, cilefen, larowlan, jibran: Update from 8.6.7 to 8.6.8 warnings - Drupal\Core\Extension\Extension has no unserializer
    Revert "Issue #2924201 by tim.plunkett, tedbow, larowlan, xjm, jibran, Kristen Pol: Resolve random failure in LayoutBuilderTest so that it can be added to HEAD"
    #2924201 by tim.plunkett, tedbow, larowlan, xjm, jibran, Kristen Pol: Resolve random failure in LayoutBuilderTest so that it can be added to HEAD
2019-02-09 00:09:53 +00:00
wen
522e9ab24e Update to 2.5.0
Update DEPENDS

Upstream changes:
v2.5.0    2019-02-08 22:18:11Z
        - Strip some control characters from links (GH#34) (Olaf Alders)
        - Enable empty_element_tags in HTML::Parser (GH#35) (Olaf Alders)

v2.4.1    2019-02-05 14:13:16Z
        - Bump version of Type::Tiny to 1.002001. (GH#33) (Olaf Alders).  Issue
          reported by Slaven Rezić (GH#32).

v2.4.0    2019-02-05 02:51:05Z
        - Process text until it returns the same value twice. (GH#31) (Olaf
          Alders).  Issue raised in (GH#29) by Juraj Major.
        - Add max_parser_loops attribute
2019-02-08 23:45:33 +00:00
schmonz
6643337b33 Update to 3.20190207. From the changelog:
* graph: Add an optional "file" parameter
* emailauth: When email can't be sent, show the error message
* osm: Don't raise errors if tags don't have attached icons
* cgi: Avoid C compiler warnings for waitpid() on NetBSD
* Hide popup template content from documentation (Closes: #898836)
* meta: Make [[!meta date]] show an error if dates are invalid or
  Date::Parse can't be loaded
* inline: Cope with non-ASCII `rootpage` parameter.
  Thanks, Feng Shu
* table: Cope with non-ASCII content in CSV format tables.
  Thanks, Feng Shu
* trail: Allow unescaped punctuation in `pagenames` parameter
* comments: Hide "add comment" link from print stylesheet.
  Thanks, Antoine Beaupré
* recentchangesdiff, relativedate, toggle:
  Import JavaScript at the end of the page content, not the beginning,
  so that the browser can render content as soon as possible.
  Thanks, Antoine Beaupré
* inline: Add basic test coverage for [[!inline rootpage]]
* table: Add basic test coverage
* po: Add enough test coverage to reproduce Debian #911356
* comments: Improve test coverage
* tests: Exercise Unicode more
* aggregate: Fix aggregation of posts without a title.
  Thanks, Alexandre Oliva
* poll: Added postlink and posttrail options for better multi-page polls.
* Fix permalink to comments.
2019-02-07 15:47:32 +00:00
jnemeth
51d5e2168b sort 2019-02-07 05:09:35 +00:00
taca
9dcfaa0a4a www/ruby-padrino: update to 0.14.4
* pkgsrc change: ruby-padrion-gen handles ruby-bundler dependency for
  ruby26.

0.14.4 (2018-11-05)

* FIX #2177 regexp routes and trailing slashes (@pdlug)
* FIX #2182 NoMethodError on `ar` tasks with activerecord v5.2.0+ (@sue445)
* FIX #2185 self.authenticate method in mongoid.rb.tt (@LarryFransson)
* FIX #2179 Deprecate safe_level of `ERB.new` in Ruby 2.6 (@koic)
* FIX #2193 nested require_dependencies (@genkami)
2019-02-06 15:03:07 +00:00
taca
f47d92c5f6 www/ruby-sinatra-contrib: update to 2.0.5
### sinatra-contrib

* Add `flush` option to `content_for` [#1225](https://github.com/sinatra/sinatra/pull/1225) by Shota Iguchi

* Drop activesupport dependency from sinatra-contrib [#1448](https://github.com/sinatra/sinatra/pull/1448)

* Update `yield_content` to append default to ERB template buffer [#1500](https://github.com/sinatra/sinatra/pull/1500) by Jordan Owens
2019-02-06 14:55:55 +00:00
taca
efa0cad3d7 www/ruby-sinatra: update to 2.0.5
## 2.0.5 / 2018-12-22

* Avoid FrozenError when params contains frozen value [#1506](https://github.com/sinatra/sinatra/pull/1506) by Kunpei Sakai

* Add support for Erubi [#1494](https://github.com/sinatra/sinatra/pull/1494) by @tkmru

* `IndifferentHash` monkeypatch warning improvements [#1477](https://github.com/sinatra/sinatra/pull/1477) by Mike Pastore

* Improve development support and documentation and source code by Anusree Prakash, Jordan Owens, @ceclinux and @krororo.
2019-02-06 14:54:35 +00:00
taca
fdad34cf51 www/ruby-jekyll: update to 3.8.5
3.8.5 (2018-11-04)

* pkgsrc change: Handle ruby-bundler dependency for ruby26.

Bug Fixes

* Re-implement handling Liquid blocks in excerpts (#7250)
2019-02-06 14:51:37 +00:00
taca
a7a597857c www/ruby-rails*: restrict ruby-bunlder dependency
Restrict ruby-bunlder dependency with ruby26.
No bump PKGREVISION since these were broken with ruby26.
2019-02-06 14:43:20 +00:00
adam
84ef1c46ff py-test-django: updated to 3.4.7
3.4.7:
Bugfixes
* Fix disabling/handling of unittest methods with pytest 4.2+


3.4.6:
Bugfixes
* django_find_project: add cwd as fallback always

Misc
* Enable tests for Django 2.2 and add classifier
* Disallow pytest 4.2.0 in install_requires
2019-02-06 08:51:48 +00:00
adam
978afc3d03 curl: updated to 7.64.0
curl and libcurl 7.64.0

This release includes the following changes:
* cookies: leave secure cookies alone
* hostip: support wildcard hosts
* http: Implement trailing headers for chunked transfers
* http: added options for allowing HTTP/0.9 responses
* timeval: Use high resolution timestamps on Windows

This release includes the following bugfixes:
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
* CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
* CVE-2019-3823: SMTP end-of-response out-of-bounds read
* FAQ: remove mention of sourceforge for github
* OS400: handle memory error in list conversion
* OS400: upgrade ILE/RPG binding.
* README: add codacy code quality badge
* Revert http_negotiate: do not close connection
* THANKS: added several missing names from year <= 2000
* build: make 'tidy' target work for metalink builds
* cmake: added checks for variadic macros
* cmake: updated check for HAVE_POLL_FINE to match autotools
* cmake: use lowercase for function name like the rest of the code
* configure: detect xlclang separately from clang
* configure: fix recv/send/select detection on Android
* configure: rewrite --enable-code-coverage
* conncache_unlock: avoid indirection by changing input argument type
* cookie: fix comment typo
* cookies: allow secure override when done over HTTPS
* cookies: extend domain checks to non psl builds
* cookies: skip custom cookies when redirecting cross-site
* curl --xattr: strip credentials from any URL that is stored
* curl -J: refuse to append to the destination file
* curl/urlapi.h: include "curl.h" first
* curl_multi_remove_handle() don't block terminating c-ares requests
* darwinssl: accept setting max-tls with default min-tls
* disconnect: separate connections and easy handles better
* disconnect: set conn->data for protocol disconnect
* docs/version.d: mention MultiSSL
* docs: fix the --tls-max description
* docs: use $(INSTALL_DATA) to install man page
* docs: use meaningless port number in CURLOPT_LOCALPORT example
* gopher: always include the entire gopher-path in request
* http2: clear pause stream id if it gets closed
* if2ip: remove unused function Curl_if_is_interface_name
* libssh: do not let libssh create socket
* libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
* libssh: free sftp_canonicalize_path() data correctly
* libtest/stub_gssapi: use "real" snprintf
* mbedtls: use VERIFYHOST
* multi: multiplexing improvements
* multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
* ntlm: fix NTMLv2 compliance
* ntlm_sspi: add support for channel binding
* openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
* openssl: fix the SSL_get_tlsext_status_ocsp_resp call
* openvms: fix OpenSSL discovery on VAX
* openvms: fix typos in documentation
* os400: add a missing closing bracket
* os400: fix extra parameter syntax error
* pingpong: change default response timeout to 120 seconds
* pingpong: ignore regular timeout in disconnect phase
* printf: fix format specifiers
* runtests.pl: Fix perl call to include srcdir
* schannel: fix compiler warning
* schannel: preserve original certificate path parameter
* schannel: stop calling it "winssl"
* sigpipe: if mbedTLS is used, ignore SIGPIPE
* smb: fix incorrect path in request if connection reused
* ssh: log the libssh2 error message when ssh session startup fails
* test1558: verify CURLINFO_PROTOCOL on file:// transfer
* test1561: improve test name
* test1653: make it survive torture tests
* tests: allow tests to pass by 2037-02-12
* tests: move objnames-* from lib into tests
* timediff: fix math for unsigned time_t
* timeval: Disable MSVC Analyzer GetTickCount warning
* tool_cb_prg: avoid integer overflow
* travis: added cmake build for osx
* urlapi: Fix port parsing of eol colon
* urlapi: distinguish possibly empty query
* urlapi: fix parsing ipv6 with zone index
* urldata: rename easy_conn to just conn
* winbuild: conditionally use /DZLIB_WINAPI
* wolfssl: fix memory-leak in threaded use
* spnego_sspi: add support for channel binding
2019-02-06 08:02:48 +00:00
bsiegert
0aa7ad0ee5 Update php-apcu to 5.1.16. From Michael Moll via Github pull request.
Closes NetBSD/pkgsrc#42.

5.1.16
- Fix build on OSX.

5.1.15
- Restore apc.serializer=php as the default, as the "default" serializer
  still/again has issues.
- Fix possible issues in persistence of arrays with the "default" serializer.
- Attempt to reduce shared memory fragementation.

5.1.14
- Fixed GH #347: Disable slam defense by default.
- Fix potential issue with destruction of locks. This does not affect Linux,
  but might affect Windows and BSD.
- Use mutex instead of rwlock for shared memory allocator (if pthreads mutex
  available).
- Require only read-lock for apcu_cas(), by using atomic compare-and-swap.

5.1.13
- Reimplement persistence logic using precise allocation rather than memory
  pools. This reduces memory usage of cache entries, especially for small
  values, and improves performance of persisting and unpersisting values.
- Fixed GH #335: Stampede protection is broken.
- Fixed GH #328: Segfault in apcu_key_info() if APCu is disabled.
- Generally make the behavior of functions if APCu is disabled more consistent.
- Fixed PHP bug #72980: Empty strings are now consistently allowed as cache
  keys.
- Optimized apcu_key_info() and apcu_cache_info() by using interned strings.
- Fix build against PHP master (PHP 7.4).
- Many changes to internal C APIs.

5.1.12
- gh#307: Fix 'Timout' sort option (apc.php).
- gh#308: Keep search parameter on cache entry detail link (apc.php).
- Fix --enable-apcu-clear-signal support.
- Show entries with expired global TTL in APCuIterator.
- Respect TTL when calculating APCuIterator totals.
- The per-entry TTL now always takes precedence over the global TTL.
- The global TTL is now always relative to the access time.
- apcu_inc() and apcu_dec() no longer update hard-expired entries. Instead a
  new entry is created.
- Added optional $ttl argument to apcu_inc() and apcu_dec(), used when creating
  a new entry.
- PHP bug #76145: Fix use of APCu inside Serializer::(un)serialize().
- gh#304: If apcu_cas() is used on a non-existing entry, don't insert it.
- gh#295: Improve APCuIterator performance by using PCRE JIT and preallocating
  key strings.
- Reduce the memory overhead of cache entries.
- Prevent potential memory corruption in the cache slam defense implementation.
- Ensure cache entry references are released on bailout during unserialization.
- Make support for atomic operations a hard requirement for building APCu.
- Check write-lock acquisition for failure, to help debugging deadlock
  situations.
- Make sure apcu_inc/dec are atomic when working on a non-existing entry.
- Many changes to internal C APIs.

5.1.11
- fix gh#246 apcu_entry hangs
- fix gh#259 deadlock in apcu_store
- fix gh#281 undefined variable in apc.php
- fix handling of fatal errors in apcu_entry
- check string lengths when looking up keys
- many internal C APIs changed
2019-02-05 18:58:02 +00:00
taca
97714a4d94 www/ruby-rack-contrib: update to 2.1.0
* pkgsrc change: add "USE_LANGAUGES= # none" line.

2.1.0 (2018-10-04)

Spring has sprung so let's make a new release

New features:

* Rack::PostBodyContentTypeParser -- you can now pass a block to the
  middleware to override the default "parse me some JSON" behaviour.
  Thanks to Kris Dekeyser (@Kris-LEBIS) for the patch.

* Ruby 2.5 support -- we're now running the test suite through Ruby 2.5.1, as
  well as the latest patch releases of all other Ruby releases supported by
  rack-contrib (back to 2.2, the same as Rack itself). The only "interesting"
  change here is that some Rack::Profiler printers no longer work, which is
  not our fault, but rather a problem with ruby-prof.

Bug fixes:

* Remove a deprecation warning about has_rdoc. Thanks to Luciano Sousa
  (@lucianosousa) for the patch.
2019-02-03 15:57:27 +00:00
taca
190a31896e www/ruby-rack16: update to 1.6.11
* pkgsrc change: add "USE_LANGAUGES= # none" line.

Update to 1.6.11 which fixes security problems of CVE-2018-16471.
(CVE-2018-16470 is only for rack 2.0.x.)
2019-02-03 15:53:03 +00:00
taca
5ef31ef721 www/ruby-rack: update to 2.0.6
* pkgsrc change: add "USE_LANGAUGES= # none" line.

Update to 2.0.6 which fixes security problems of CVE-2018-16470 and
CVE-2018-16471.
2019-02-03 15:51:31 +00:00
taca
fa81e3e595 Allow Ruby 2.6 to build. 2019-02-03 13:45:06 +00:00
tsutsui
b642a9a21e ruby-gnome2: update to 3.3.2.
Upstream changes (from NEWS):

== Ruby-GNOME2 3.3.2: 2019-02-03

This is a bug fix release of 3.3.1.

=== Changes

==== Ruby/GObjectIntrospection

  * Fixed

    * Fixed wrong nil check.
      [GitHub#1270][Patch by moveccr]

    * Fixed a memory leak when module function is used with block.
      [GitHub#1270][Reported by Izumi Tsutsui]

==== Ruby/GTK3

  * Improvements

    * Add backward compatibility APIs:

      * (({Gtk::Screen#add_style_provider}))

      * (({Gtk::Screen#remove_style_provider}))

      * (({Gtk::StyleContext.add_provider_for_screen}))

      * (({Gtk::StyleContext#add_provider}))

=== Thanks

  * moveccr

  * Izumi Tsutsui
2019-02-03 07:02:52 +00:00
leot
d53424c758 gnurl: Include all needed bl3
(No PKGREVISION bump since there are no gnurl bl3 users at the moment.)
2019-02-02 09:00:56 +00:00
gdt
1833ef2702 curl: Drop redundant comment 2019-02-01 18:10:21 +00:00
ryoon
900ac42416 Update to 65.0
* Sync with www/firefox-65.0
2019-02-01 16:50:00 +00:00
ryoon
fd9bde396f Fix a typo 2019-02-01 16:49:40 +00:00
ryoon
a42dfe6625 Bump PKGREVISION
* Use graphics/libwebp
* Bump devel/cbindgen requirement (PR pkg/53925)
* Enable system's addons, for example langpacks from www/firefox-l10n
* Fix potential configure error from clock_gettime(CLOCK_MONOTONIC, ...)
2019-02-01 16:47:59 +00:00
kleink
a769c5d32b www: + py-flask-restplus 2019-02-01 15:31:58 +00:00
kleink
e9553e7d45 www/py-flask-restplus: Import Flask-RestPlus 0.12.1.
Flask-RESTPlus is an extension for Flask that adds support for
quickly building REST APIs. Flask-RESTPlus encourages best practices
with minimal setup. If you are familiar with Flask, Flask-RESTPlus
should be easy to pick up. It provides a coherent collection of
decorators and tools to describe your API and expose its documentation
properly using Swagger.
2019-02-01 15:31:02 +00:00
gdt
370c68c082 gnurl: Import from wip (packaged by ng0)
libgnurl is a fork of libcurl. The goal for libgnurl is to support
only HTTP and HTTPS (and only HTTP 1.x) with a single crypto backend
(GnuTLS) to ensure a small footprint and uniform experience for
developers regardless of how libcurl was compiled.
This software is mainly used by GNUnet. The modifications to curl
are kept to the bare minimum, intended to track upstream closely.
gnurl is not a replacement for curl, so different paths are used.
2019-02-01 15:21:28 +00:00
prlw1
b9d9c0bb6e Update drupal7 to 7.63
This is a hotfix release for a regression affecting some Drush
installations that was introduced by the fix for SA-CORE-2019-002. No
other fixes are included.
2019-02-01 14:58:19 +00:00
wiz
fabf577027 ocsigen: remove patches that are not in distinfo 2019-01-31 09:13:08 +00:00
adam
a3537d9682 py-scrapy: updated to 1.6.0
Scrapy 1.6.0:

Highlights:
* better Windows support;
* Python 3.7 compatibility;
* big documentation improvements, including a switch
  from .extract_first() + .extract() API to .get() + .getall()
  API;
* feed exports, FilePipeline and MediaPipeline improvements;
* better extensibility: :signal:item_error and
  :signal:request_reached_downloader signals; from_crawler support
  for feed exporters, feed storages and dupefilters.
* scrapy.contracts fixes and new features;
* telnet console security improvements, first released as a
  backport in :ref:release-1.5.2;
* clean-up of the deprecated code;
* various bug fixes, small new features and usability improvements across
  the codebase.
2019-01-31 09:07:46 +00:00
adam
cf9b9ff311 py-django-extensions: updated to 2.1.5
2.1.5
Changes:
New: ipdb, pdb and wdb filters
Fix: ForeignKeySearchInput, error with widget render(...) parameters on Django 2.1
Fix: pipchecker, unsupported format string passed to NoneType.format error
Tests: bunch of new test cases
2019-01-31 08:16:03 +00:00
adam
85599e94d8 py-django-admin-rangefilter: updated to 0.3.11
0.3.11:
Avoid loading admin_static in templates under Django>=1.10
2019-01-31 08:12:51 +00:00
tnn
55453e09f7 remove obsolete hacks.mk & reduce diffs between mozilla derivative packages 2019-01-29 22:33:57 +00:00
ryoon
b162dbd38d Updatet to 65.0
Changelog:
New

    Enhanced tracking protection: Simplified content blocking settings give users standard, strict, and custom options to control online trackers. A redesigned content blocking section in the site information panel (viewed by expanding the small “i” icon in the address bar) shows what Firefox detects and blocks on each website you visit. To learn more about content blocking, visit the Mozilla Blog.

    A better experience for multilingual users: An updated Language section in Preferences allows users to install multiple language packs and order language preferences for Firefox and websites, without having to download locale-specific versions.

    Support for Handoff on macOS: Continue browsing across devices. Pick up where you left off with iOS (via Firefox or Safari) on Firefox on Mac.

    A better video streaming experience for Windows users: Firefox now supports the next-generation, royalty-free video compression technology called AV1. Read about Mozilla’s contribution to this new open standard.

    Improved performance and web compatibility, with support for the WebP image format: WebP brings the same image quality as existing formats at smaller file sizes, which saves bandwidth and speeds up page load.

Fixed

    Various security fixes.

Changed

    Enhanced security for macOS, Linux, and Android users via stronger stack smashing protection which is now enabled by default for all platforms. "Stack smashing" is a common security attack in which malicious actors corrupt or take control of a vulnerable program.

    Firefox will now warn you when closing a window (regardless of whether you have automatic session restore enabled for restart).

    Easier performance management: The revamped Task Manager page found at about:performance now reports memory usage for tabs and add-ons.

    Improved the pop-up blocker to prevent multiple pop-up windows from being opened by websites at the same time.

Security fixes:
Not available yet.
2019-01-29 16:28:22 +00:00
adam
8ea6444c5e py-waitress: updated to 1.2.1
1.2.1:

Bugfixes
- When given an IPv6 address in X-Forwarded-For or Forwarded for=
  waitress was placing the IP address in REMOTE_ADDR with brackets:
  [2001:db8::0], this does not match the requirements in the CGI spec which
  REMOTE_ADDR was lifted from. Waitress will now place the bare IPv6
  address in REMOTE_ADDR: 2001:db8::0.
2019-01-29 14:30:03 +00:00