Version 2.4.0
- Allowed configuration of the Django settings module to be used via a
commandline argument
- If Django settings are not specified via a commandline argument or environment
variable, an error is issued but defaults are loaded from Django, removing the
fatal error behaviour.
- Fixed tests to work with pylint>2.6
- Fixed ``AttributeError: 'Subscript' object has no attribute 'name'`` error.
- Pin Faker version to Prevent Asteroid Crash
- Remove Python 3.5 Support (EOL since Sept 2020 and Faker requires 3.6 anyway)
- Fixed reverse manager ``update_or_create`` calls
## 3.0.10
* Adds support for PPC64 and ARM64 builds for distribution.
Thanks @sreekanth370
* Fixes warnings for invalid escape sequences Thanks @tirkarthi
Django 3.1.5 fixes several bugs in 3.1.4.
Fixed __isnull=True lookup on key transforms for JSONField with Oracle and SQLite.
Fixed a bug in Django 3.1 that caused a crash when processing middlewares in an async context with a middleware that raises a MiddlewareNotUsed exception.
Fixed a regression in Django 3.1 that caused the incorrect prefixing of STATIC_URL and MEDIA_URL settings, by the server-provided value of SCRIPT_NAME (or / if not set), when set to a URL specifying the protocol but without a top-level domain, e.g. http://myhost/
0.13.3
Fixed
Prevent swallowing of return codes from subprocess when running with Gunicorn by properly resetting signals.
Tweak detection of app factories to be more robust. A warning is now logged when passing a factory without the --factory flag.
Properly clean tasks when handshake is aborted when running with --ws websockets.
Mon 28 Dec 2020 21:36:00 MSK
Releasing libmicrohttpd 0.9.72. -EG
Mon 28 Dec 2020 09:37:00 MSK
Completely reworked and rewritten TCP_CORK, TCP_NOPUSH, TCP_NODELAY and
MSG_MORE handling. Reduced number of sys-calls, fixed portability for
FreeBSD, OpenBSD, NetBSD, Darwin, W32, Solaris.
Removed usage of gnutls_record_cork() as it fully blocks stream until
final block is ready.
Fixed compatibility with C90 compilers.
Really started using sendmsg() for header + body combined single-call
response sending.
Fixed sending of response body by sendmsg() when it shouldn't be sent,
like responses for HEAD requests.
Improved error handling for gnutls_record_send().
Updated W32 resources for .DLLs.
Fixed building with various disabled features (like messages, HTTPS,
http-upgrade, authorization etc.)
Fixed possible SIGPIPE generation when sendfile() is used (it was always
possible on Linux that sendfile() produce SIGPIPE, now it's fixed).
Several compiler warnings muted and/or fixed in the lib code and in
the examples. -EG
Sun 01 Nov 2020 17:17:00 MSK
Fixed conflict with system CPU_COUNT macro.
Minor improvements of error reporting in MHD daemon.
Fixed FTBFS with GnuTLS versions before 3.1.9
Fixed test_add_conn for multi-CPU machines.
Fixed analyzer warnings.
Fixed use-after-free and resources leaks for upgraded connections
in TLS mode with thread-per-connection. -EG
Sun 25 Oct 2020 19:31:00 MSK
Fixed epoll mode without listening socket.
Minor improvements of thread sync.
Fixed broken sendfile on FreeBSD.
Fixed broken MHD with thread-pool and without listening socket.
Added four tests for MHD_add_connection().
Fixed several resources leaks in error handlers.
Re-implemented scheme of handling of externally added connections,
fixed thread-safety. -EG
Wed 21 Oct 2020 10:00:58 AM CEST
Corking should be OFF when sending the footer (#6610). -AP/CG
Wed 07 Oct 2020 11:07:00 MSK
W32 default target version changed to Vista, XP is still supported.
Minor fixes and additional asserts for memorypool.
IPv6 tests are not used if IPv6 is disabled at run-time. -EG
Sun 27 Sep 2020 10:08:03 PM CEST
Fixed incorrect triggering of epoll edge polling for
"upgraded" TLS connections. Fixed a few cases where
gnutls_record_uncork() return value was still ignored,
possibly causing buffer to not be flushed correctly. -CG
Sat 26 Sep 2020 08:18:02 PM CEST
Make MHD_USE_NO_LISTEN_SOCKET work in conjunction with
MHD internal threads. -CG/DE
Thu 24 Sep 2020 16:55:00 MSK
Fixed compiler warnings on W32.
Minor optimisation of MHD_YES/MHD_NO internal usage.
Refactor and cleanup of internal debugging macros.
Updated HTTP status codes, header names and methods from
the registries.
Fixed portability of test_upgrade_large.
Minor testsuite fixes.
Restored parallel build of libmicrohttpd (except tests). -EG
Fri 11 Sep 2020 10:08:22 PM CEST
Fix crash problem in PostProcessor reported by MD. -CG
Fix GnuTLS configure test to check for gnutls_record_uncork. -CG
Wed 19 Aug 2020 09:40:39 AM CEST
Add logic to check on MHD_pool_reallocate() failure reported on the
mailinglist (will NOT yet fix the issue). -CG
Sun 26 Jul 2020 01:56:54 PM CEST
Add MHD_create_response_from_pipe() to allow creating a response based
on data read from a pipe. -CG
Fri Jul 10 15:04:51 CEST 2020
Fixed Postprocessor URL-encoded parsing if '%' fell on boundary. -CG/MD
Thu 02 Jul 2020 09:56:23 PM CEST
Fixed return type of MHD_queue_basic_auth_fail_response. -CA/CG
pkgsrc change:
* add LICENSE.
* remove restriction to PHP versions.
1.1.3 (2020-01-28)
- Improved documentation and examples included in the release package
1.1.2 (2020-01-26)
- PHP 8 compatibility; this now builds on PHP 5, PHP 7, and PHP 8
1.1.1 (2020-01-26)
- Mark maximum PHP version as 8.0.0; this will not build on PHP 8
1.1.0 (2020-01-26)
- PHP 7 compatibility
pkgsrc change: Switch to use PHP_VERSIONS_INCOMPATIBLE.
5.1.19 (2020-10-05)
- Fixed apcu_store() with integer keys (#388).
- Made apc.use_request_time=0 the default (#391).
- Made apcu compatible with PHP 8.0.
Changelog:
Fixed
* Fixed problems loading secure websites and crashes for users with certain
third-party PKCS11 modules and smartcards installed (bug 1682881).
* Fixed slower than expected performance and flickering on Canvas elements
for some Windows users (bug 1683116).
* Fixed a bug causing some Unity JS games to not load on Apple Silicon
devices due to improper detection of the OS version (bug 1680516).
* Fixed crashes caused by various third-party antivirus software.
=== RELEASE 2.21 ===
Sun Aug 2 15:26:02 cet 2020 mikulas:
Workaround for a crash on OS/2 caused by gcc3 bug
Thu Apr 16 18:17:39 CEST 2020 Emir Yasin SARI <bitigchi@me.com>:
Updated Turkish translation
Wed Jan 8 18:25:17 CET 2020 mikulas:
Fix a bug that textarea was broken if it immediatelly followed a list
Sun Nov 3 09:33:08 CET 2019 pluvano <me@pluvano.com>:
Delete the 4-pixel border in Xwindow
Tue Oct 8 20:26:47 CEST 2019 mikulas:
Fix a bug that an image would not be properly resized sometimes
Security Vulnerabilities fixed in Firefox ESR 78.6
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized
memory to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
#CVE-2020-26978: Internal network hosts could have been probed by a
malicious webpage
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently
launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
Changelog:
New
* Native support for macOS devices built with Apple Silicon CPUs brings
dramatic performance improvements over the non-native build that was
shipped in Firefox 83: Firefox launches over 2.5 times faster and web apps
are now twice as responsive (per the SpeedoMeter 2.0 test). If you are on a
new Apple device, follow these steps to upgrade to the latest Firefox.
* WebRender rolls out to MacOS Big Sur, Windows devices with Intel Gen 6
GPUs, and Intel laptops running Windows 7 and 8. Additionally we'll ship an
accelerated rendering pipeline for Linux/GNOME/X11 users for the first
time, ever!
* Firefox now uses more modern techniques for allocating shared memory on
Linux, improving performance and increasing compatibility with Docker.
* Firefox 84 is the final release to support Adobe Flash.
Fixed
* Various security fixes
#CVE-2020-16042: Operations on a BigInt could have caused uninitialized memory
to be exposed
#CVE-2020-26971: Heap buffer overflow in WebGL
#CVE-2020-26972: Use-After-Free in WebGL
#CVE-2020-26973: CSS Sanitizer performed incorrect sanitization
#CVE-2020-26974: Incorrect cast of StyleGenericFlexBasis resulted in a heap
use-after-free
#CVE-2020-26975: Malicious applications on Android could have induced Firefox
for Android into sending arbitrary attacker-specified headers
#CVE-2020-26976: HTTPS pages could have been intercepted by a registered
service worker when they should not have been
#CVE-2020-26977: URL spoofing via unresponsive port in Firefox for Android
#CVE-2020-26978: Internal network hosts could have been probed by a malicious
webpage
#CVE-2020-26979: When entering an address in the address or search bars, a
website could have redirected the user before they were navigated to the
intended url
#CVE-2020-35111: The proxy.onRequest API did not catch view-source URLs
#CVE-2020-35112: Opening an extension-less download may have inadvertently
launched an executable instead
#CVE-2020-35113: Memory safety bugs fixed in Firefox 84 and Firefox ESR 78.6
Changes with nginx 1.19.6 15 Dec 2020
*) Bugfix: "no live upstreams" errors if a "server" inside "upstream"
block was marked as "down".
*) Bugfix: a segmentation fault might occur in a worker process if HTTPS
was used; the bug had appeared in 1.19.5.
*) Bugfix: nginx returned the 400 response on requests like
"GET http://example.com?args HTTP/1.0".
*) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module.
And while here, also update naxsi to 1.3.
Changes for naxsi 1.3:
*) Fixed regression on FILE_EXT confusion
*) Documented id 19 and 20 to rules
Changelog:
Version 20.0.4 December 17 2020
Changes
* Avoid dashboard crash when accessibility app is not installed (server#
24636)
* Bump ini from 1.3.5 to 1.3.7 (server#24649)
* Handle owncloud migration to latest release (server#24653)
* Use string for storing a OCM remote id (server#24654)
* Fix MySQL database size calculation (serverinfo#262)
* Bump cypress-io/github-action@v2 (viewer#722)
* Fix] sidebar opening animation (viewer#723)
* Fix not.exist cypress and TESTING checks (viewer#725)
Note: the main improvement in this very small release is the migration support.
Version 20.0.3 December 10 2020
Changes
* Check quota of subdirectories when uploading to them (server#24181)
* CircleId too short in some request (server#24196)
* Missing level in ScopedPsrLogger (server#24212)
* Fix nextcloud logo in email notifications misalignment (server#24228)
* Allow selecting multiple columns with SELECT DISTINCT (server#24230)
* Use file name instead of path in 'not allowed to share' message (server#
24231)
* Fix setting images through occ for theming (server#24232)
* Use regex when searching on single file shares (server#24239)
* Harden EncryptionLegacyCipher a bit (server#24249)
* Update ScanLegacyFormat.php (server#24258)
* Simple typo in comments (server#24259)
* Use correct year for generated birthdays events (server#24263)
* Delete files that exceed trashbin size immediately (server#24297)
* Update sabre/xml to fix XML parsing errors (server#24311)
* Only check path for being accessible when the storage is a object home
(server#24325)
* Avoid empty null default with value that will be inserted anyways (server#
24333)
* Fix contacts menu position and show uid as a tooltip (server#24342)
* Fix the config key on the sharing expire checkbox (server#24346)
* Set the display name of federated sharees from addressbook (server#24353)
* Catch storage not available in versions expire command (server#24367)
* Use proper bundles for files client and fileinfo (server#24377)
* Properly encode path when fetching inherited shares (server#24387)
* Formatting remote sharer should take protocol, path into account (server#
24391)
* Make sure we add new line between vcf groups exports (server#24443)
* Fix public calendars shared to circles (server#24446)
* Store scss variables under a different prefix for each theming config
version (server#24453)
* External storages: save group ids not display names in configuration
(server#24455)
* Use correct l10n source in files_sharing JS code (server#24462)
* Set frame-ancestors to none if none are filled (server#24477)
* Move the password fiels of chaging passwords to post (server#24478)
* Move the global password for files external to post (server#24479)
* Only attempt to move to trash if a file is not in appdata (server#24483)
* Fix loading mtime of new file in conflict dialog in firefox (server#24491)
* Harden setup check for TLS version if host is not reachable (server#24502)
* Fix file size computation on 32bit platforms (server#24509)
* Allow subscription to indicate that a userlimit is reached (server#24511)
* Set mountid for personal external storage mounts (server#24513)
* Only execute plain mimetype check for directories and do the fallback…
(server#24517)
* Fix vsprint parameter (server#24527)
* Replace abandoned log normalizer with our fork (server#24530)
* Add icon to user limit notification (server#24531)
* Also run repair steps when encryption is disabled but a legacy key is
present (server#24532)
* [3rdparty][security] Archive TAR to 1.4.11 (server#24534)
* Generate a new session id if the decrypting the session data fails (server#
24553)
* Revert "Do not read certificate bundle from data dir by default" (server#
24556)
* Dont use system composer for autoload checker (server#24557)
* Remember me is not an app_password (server#24563)
* Do not load nonexisting setup.js (server#24582)
* Update sabre/xml to fix XML parsing errors (3rdparty#529)
* Use composer v1 on CI (3rdparty#532)
* Bump pear/archive_tar from 1.4.9 to 1.4.11 (3rdparty#536)
* Replace abandoned log normalizer with our fork (3rdparty#543)
* Allow nullable values as subject params (activity#535)
* Don't log when unknown array is null (notifications#803)
* Feat/virtual grid (photos#550)
* Make sure we have a string to localecompare to (photos#583)
* Always get recommendations for dashboard if enabled (recommendations#336)
* Properly fetch oracle database information (serverinfo#258)
* Also register to urlChanged event to update RichWorkspace (text#1181)
* Move away from GET (text#1214)
