1.5.2 [2019-03-12]
==================
* Fix bug in AES encryption affecting certain file sizes
* Keep file permissions when modifying zip archives
* Support systems with small stack size.
* Support mbed TLS as crypto backend.
* Add nullability annotations.
Changes for Version 2.8 (2019-02-20)
* Show cherry-pick merges as dotted lines on the timeline graph.
The "fossil rebuild" command must be run to create and
populate the new "cherrypick" table in the repository in order
for this feature to operate.
* Add the ability to associate branches, check-ins, and tags with
specially-named Wiki pages. This gives the ability to better
document branches and tags, and provide more documentation on
check-ins beyond the check-in comment. The associated Wiki is
automatically displayed on /info pages for check-ins, and on
/timeline?r=BRANCH and /timeline?t=TAG pages for branches and
tags. This feature is on by default, but can be disabled in on
the Admin/Wiki page.
* Enhance the repository list page (shown for example by
"fossil all ui") so that it shows the name and last check-in
time for each project. The implementation of the repository
list page is now broken out into a separate source file (repolist.c).
* Allow users with Forum Supervisor permission ('6') to add Forum
Write Trusted permission ('4') to users as they are approving a
forum post by that user.
* When running a bisect, report the number of check-ins still in
the search range and the estimated number of bisect steps remaining.
Do this at each step of the bisect.
* Provide a permanent link to a bisect timeline using the bid= query
parameter.
* Make the chronological forum display feature available to all users,
and make it the default format on mobile devices.
* Break out Wiki setup into a separate /setup_wiki page, accessible
on the standard menus through Admin/Wiki.
* Add "Next" and "Previous" buttons on the /wdiff page, allowing
the user to step through the versions of a wiki page.
* Improve the display of the /whistory page.
* Omit the "HH:MM" timestamps on timeline graphs on narrow-screen
devices, to improve horizontal space uses. This helps make Fossil
more mobile-friendly.
* Enhance /wcontent to show a sortable list of Wiki pages together
with the number of revisions and the most recent change time for
each page.
* Hyperlinks to Wiki pages on the /timeline go to the specific
version of the Wiki page named in the timeline, not to the latest
version.
* Enhancements to the "amend", "tag", and "reparent" commands, including
adding options --override-date, --override-user, and --dry-run.
* Add the global --comment-format command-line option and the
comment-format setting to control the display of the command-line
timeline.
* Change the "fossil reparent" command so that it only works from
within an active checkout.
* On the /setup_ucap_list, show administrators how many users have
each capability. The counts are a hyperlink to the /setup_ulist
page showing the subset of users that have that capability.
* Provide the ability to redirect all HTTP pages to HTTPS. Formerly
one could cause this to occur for the /login page only. That option
still exists, but the redirect can now also be done for all pages.
* "Compress" the built-in javascript by omitting comments and
leading and trailing whitespace.
* Detect when the repository used by a checkout is swapped out for
a clone that uses different RID values, and make appropriate adjustments
to the checkout database to avoid any problems.
* Add the backoffice-disable setting to completely disable the
backoffice feature.
* Update the built-in SQLite to version 3.27.1.
* Various other small enhancements to webpages and documentation.
Upstream changes:
Features
- Add local-zone type inform_redirect, which logs like type inform,
and redirects like type redirect.
- Perform canonical sort for 0x20 capsforid compare of replies,
this sorts rrsets in the authority and additional section before
comparison, so that out of order rrsets do not cause failure.
- Print query name with ip_ratelimit exceeded log lines.
Spaces instead of tabs in that log message.
- Print query name and IP address when domain rate limit exceeded.
Bug Fixes
- Fix#4224: auth_xfr_notify.rpl test broken due to typo
- Fix locking for libunbound context setup with broken port config.
- Fix case in which query timeout can result in marking delegation
as edns_lame_known.
- Set ub_ctx_set_tls call signature in ltrace config file for
libunbound in contrib/libunbound.so.conf.
- improve documentation for tls-service-key and forward-first.
- #10: fixed pkg-config operations, PKG_PROG_PKG_CONFIG moved out of
conditional section, fixes systemd builds, from Enrico Scholz.
- #9: For openssl 1.0.2 use the CRYPTO_THREADID locking callbacks,
still supports the set_id_callback previous API. And for 1.1.0
no locking callbacks are needed.
- #8: Fix OpenSSL without ENGINE support compilation.
- Wipe TLS session key data from memory on exit.
- Fix that log-replies prints the correct name for local-alias
names, for names that have a CNAME in local-data configuration.
It logs the original query name, not the target of the CNAME.
- Fix#4206: OpenSSL 1.0.2 hostname verification for FreeBSD 11.2.
- Fix that qname minimisation does not skip a label when missing
nameserver targets need to be fetched.
- Fix#4225: clients seem to erroneously receive no answer with
DNS-over-TLS and qname-minimisation.
- Note default for module-config in man page.
- Fix#13: Remove left-over requirements on OpenSSL >= 1.1.0 for
cert name matching, from man page.
- Fix capsforid canonical sort qsort callback.
- Fix pythonmod include and sockaddr_un ifdefs for compile on
Windows, and for libunbound.
- Fix the error for unknown module in module-config is understandable,
and explains it was not compiled in and where to see the list.
- In example.conf explain where to put cachedb module in module-config.
- In man page and example config explain that most modules have to
be listed at the start of module-config.
- Fix#4227: pair event del and add for libevent for tcp_req_info.
- Fix#4229: Unbound man pages lack information, about access-control
order and local zone tags, and elements in views.
- Fix#14: contrib/unbound.init: Fix wrong comparison judgment
before copying.
- Fix for python module on Windows, fix fopen.
- Remove memory leak on pythonmod python2 script file init.
- Remove swig gcc8 python function cast warnings, they are ignored.
- Print correct module that failed when module-config is wrong.
Pkgsrc changes:
* Update license to "mit", to track upstream.
Upstream changes:
* Change license to modern MIT license for compatibility with
GPLv2 software.
* src/fstrm_replay.c: For OpenBSD and Posix portability include
netinet/in.h and sys/socket.h to get struct sockaddr_in and the
AF_* defines respectively.
* Fix various compiler warnings.
Update dovecot2-pigeonhole to 0.5.5 for dovecot 2.3.5.
v0.5.5 2019-03-05 Stephan Bosch <stephan@rename-it.nl>
+ IMAPSieve: Add new plugin/imapsieve_expunge_discarded setting which
causes messages discarded by an IMAPSieve script to be expunged
immediately, rather than only being marked as "\Deleted" (which is
still the default behavior).
- IMAPSieve: Fix panic crash occurring when a COPY command copies
messages from a virtual mailbox where the source messages originate
from more than a single real mailbox.
- imap4flags extension: Fix deleting all keywords. When the action
resulted in all keywords being removed, no changes were actually
applied.
- variables extension: Fix truncation of UTF-8 variable content. The
maximum size of Sieve variables was enforced by truncating the
variable string content bluntly at the limit, but this does not
consider UTF-8 code point boundaries. This resulted in broken UTF-8
strings. This problem also surfaced for variable modifiers, such as
the ":encodeurl" modifier provided by the Sieve "enotify" extension.
In that case, the resulting URI escaping could also be truncated
inappropriately.
- IMAPSieve, IMAP FILTER=SIEVE: Fix replacing a modified message. Sieve
scripts running in IMAPSIEVE or IMAP FILTER=SIEVE context that
modify the message, stored the message a second time, rather than
replacing the originally stored unmodified message.
- Fix segmentation fault occurring when both the sieve_extprograms
plugin (for the Sieve interpreter) and the imap_filter_sieve plugin
(for IMAP) are loaded at the same time. A symbol was defined by both
plugins, causing a clash when both were loaded.
Add security patch for rubygems, fixing these problem.
* CVE-2019-8320: Delete directory using symlink when decompressing tar
* CVE-2019-8321: Escape sequence injection vulnerability in verbose
* CVE-2019-8322: Escape sequence injection vulnerability in gem owner
* CVE-2019-8323: Escape sequence injection vulnerability in API response handlin
g
* CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
* CVE-2019-8325: Escape sequence injection vulnerability in errors
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
Since original patch included in official announce dose not cleanly applied to
Ruby 2.4.5, use a local version which drop patch to none existing test.
Bump PKGREVISION.
Add security patch for rubygems, fixing these problem.
* CVE-2019-8320: Delete directory using symlink when decompressing tar
* CVE-2019-8321: Escape sequence injection vulnerability in verbose
* CVE-2019-8322: Escape sequence injection vulnerability in gem owner
* CVE-2019-8323: Escape sequence injection vulnerability in API response handlin
g
* CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
* CVE-2019-8325: Escape sequence injection vulnerability in errors
https://www.ruby-lang.org/en/news/2019/03/05/multiple-vulnerabilities-in-rubygems/
Since original patch included in official announce dose not cleanly applied to
Ruby 2.5.3, use a local version which drop patch to none existing test.
Bump PKGREVISION.
Add security patch for rubygems, fixing these problem.
* CVE-2019-8320: Delete directory using symlink when decompressing tar
* CVE-2019-8321: Escape sequence injection vulnerability in verbose
* CVE-2019-8322: Escape sequence injection vulnerability in gem owner
* CVE-2019-8323: Escape sequence injection vulnerability in API response handling
* CVE-2019-8324: Installing a malicious gem may lead to arbitrary code execution
* CVE-2019-8325: Escape sequence injection vulnerability in errors
Bump PKGREVISION.
Changelog:
Notmuch 0.28.3 (2019-03-05)
===========================
Library
-------
Fix a bug with the internal data structure _notmuch_string_map_t used
by message properties.
Build System
------------
Serialize calls to sphinx-build to avoid race condition.
Changelog:
Changes from 1.5.4 to 1.6.0:
----------------------------
* Bug fixes:
- Fixed issue where packages which referenced missing packages in
Requires.private may have crashed due to memory corruption issues
in some circumstances.
- Fixed warnings reported by GCC 8 diagnostics.
* Enhancements:
- Add LIBPKGCONF_VERSION and LIBPKGCONF_VERSION_STR macros for
determining libpkgconf version.
- Add pkgconf_fragment_copy_list() to copy a fragment list to
another fragment list.
Changes from 1.5.3 to 1.5.4:
----------------------------
* Bug fixes:
- fix build on Windows with Meson
- fix edge cases for path canonicalization (especially on Windows)
Changes from 1.5.2 to 1.5.3:
----------------------------
* Security fixes:
- Fix edge cases involving dequoting zero-length tuples that can lead to a
buffer overflow under the right circumstances. Thanks to A. Wilcox for
reporting and supplying a patch. (MR 3)
Changes from 1.5.1 to 1.5.2:
----------------------------
* Bug fixes:
- Ensure environment variables override values learned from personality files
or built-in defaults.
* Documentation enhancements:
- Add pkgconf-personality(5) manpage documenting the personality file format.
Changes from 1.5.0 to 1.5.1:
----------------------------
* Bug fixes:
- fixed a crash with some invalid multi-line .pc files
Changes from 1.4.2 to 1.5.0:
---------------------------
* Administrative:
- The git repository has moved to <https://git.dereferenced.org/pkgconf/pkgconf>,
due to the acquisition of GitHub by Microsoft.
* Overall enhancements:
- pkgconf now supports the proposed Requires.internal pkg-config extension,
by merging it with the Requires.private list (there is no functional difference
between the two in our resolver implementation)
- Support for cross-compilation personalities have been added. To make use of this
functionality, create a file in the new personality.d directory that sits inside
the pkgconfig directory. The personality file format is described in
pc-personality(5). (github #166)
- Support for Haiku has been added, including interpretation of BELIBRARIES and
other toolchain specifics. (github #180)
- Testsuite support can be disabled when building with Meson. (github #175)
* Bug fixes:
- tuples are now appropriately dequoted when added by the parser (github #186).
* Various Windows enhancements:
- CMake supports building with GCC on Windows. (github #179)
- Prefix rewriting has been improved. (github #177)
- PKGCONF_API support has been implemented when building with Meson,
allowing Meson to be used to build pkgconf on Windows. (github #174)
* Documentation fixes:
- The manpages have been linted and fixed. (github #181, #182, #183)
- The description of pkgconf --exists has been corrected. (github #173)
Changes from 1.4.1 to 1.4.2:
----------------------------
* Bug fixes:
- ensure pkgconf_dependency_t nodes have a solution marked when satisfied
by an indirect provider (github #172)
Changelog:
NSPR 4.21 contains the following changes:
- Use MAP_SHARED for read-only file mappings on MacOS and Android.
- Changed prbit.h to use builtin function on aarch64.
- Test program build fixes.
- Minor fixes to support unified builds.
- Update library copyright notices.
- Removed Gonk/B2G references.
changes from 1.10 to 1.11
* Add modules for the following number formats:
- DNI (Documento Nacional de Identidad, Argentinian national identity nr.)
- VNR, SVNR, VSNR (Versicherungsnummer, Austrian social security number)
- NI (Número de identidad, Cuban identity card numbers)
- AMKA (Αριθμός Μητρώου Κοινωνικής Ασφάλισης, Greek social security number)
- Asmens kodas (Lithuanian, personal numbers)
- MAC address (Media Access Control address)
- IDNO (Moldavian company identification number)
- CURP (Clave Única de Registro de Población, Mexican personal ID)
- Fødselsnummer (Norwegian birth number, the national identity number)
- New Zealand bank account number
- Personnummer (Swedish personal identity number)
* Code style improvements
* Change Dominican Republic DGII check URL to HTTPS
* Support Ecuadorian Cedula and RUC of foreigners
* Add format() function for Argentinian CUIT number
* Support passing formatted numbers to all get_birth_date() and similar functions
* Handle Dominican Republic DGII lookup returning multiple entities
Upstream changes:
Moodle 3.6.3 release notes
Releases > Moodle 3.6.3 release notes
Release date: 11 March 2019
Here is the full list of fixed issues in 3.6.3.
Fixes and improvements
MDL-63892 - Last post date and time shown correctly on forum page
MDL-64609 - Gradebook regrading no longer gets stuck
MDL-43428 - Quiz now displays the correct time left when quiz close date before time limit
MDL-62345 - Site home and Dashboard now have different data-key attributes when the home page is set to site
MDL-61405 - All assignment 'View annotated PDF' buttons work
MDL-64632 - Invalid response value detected messaging error fix
MDL-63103 - Server files performance improvement for sites with lots of activities and files
MDL-64528 - Activities can no longer be marked as complete when the context is frozen
MDL-63677 - Users no longer redirected back to a policy agreement when creating a new account
MDL-55135 - View competency framework no longer required for viewing competencies in a course
MDL-62454 - Numerical question units are displayed on the same line
MDL-64553 - Notifications table has index for the useridfrom column
MDL-64521 - Participants page performance improvement for courses with ~50k users and 10 groups
MDL-48338 - A single simple discussion forum now scrolls to new posts
MDL-60972 - Deleting course sections now also delete files used in the section description
MDL-64652 - Data export performance improvement
MDL-63674 - RTL languages correctly aligned in messaging interface
MDL-64171 - Course image scaled down when no course summary
MDL-64240 - Forum post word count correctly reflects the size of posts
MDL-62680 - Accessibility improvement for quiz question feedback
MDL-64679 - Option to clear prediction for analytics trained models
MDL-62963 - Clearer button background in Boost
MDL-64640 - Deleting of feedback question and deleting of user tour step no longer give a 404 error
MDL-64856 - Glossary 'Actions menu' icon no longer disappears when browsing
MDL-64730 - External tool 0 points score now correctly recorded as zero in the gradebook
MDL-64464 - Drag and drop question types now allow use of mixed languages
MDL-62143 - Boost navigation bar accessibility improvements
MDL-64561 - Install database CLI script now shows help even if Moodle is already installed
MDL-64134 - Messaging search simpler UI when search returns no results
MDL-64385 - 'Allowed email domains' setting is now case insensitive
MDL-63628 - Download assignment submission files via keyboard accessibility fix
MDL-64469 - Question bank category edit link usability improvement
MDL-63378 - Boost theme menu links contrast accessibility fix
MDL-64143 - Messaging contacts are now shown in bold
MDL-64144 - Messaging search results now shown with date rather than time stamp
MDL-64971 - get_with_capability_join, get_users_by_capability, assign/unassign_capability now check the capability exists
