Upstream changes:
0.25 2018-06-10 20:55:10Z
- merged required and recommended Data::OptList version prerequisite, to
work around CPAN.pm bug (RT#123447)
Upstream changes:
1.3400 2018-06-15 23:08:34+01:00 Europe/London
Promoting previous trial releases to stable.
1.3205 2018-06-13 22:59:32+01:00 Europe/London (TRIAL RELEASE)
[ENHANCEMENTS]
- require MIME::Types 2.17, as 2.16 has some funny ideas, like responding to a
ZIP file with 'application/vnd.easykaraoke.cdgdownload'
- Fix YAML-related test failures if YAML::XS not installed
(GH 1184, PR 1189, bigpresh)
[BUG FIXES]
- Avoid accidental route matches if a previous successful match had left %+
populated (GH 1187, PR 1188, bigpresh, reported by skington)
1.3204 2018-05-23 14:40:33+01:00 Europe/London (TRIAL RELEASE)
[ENHANCEMENTS]
- Try to use 127.0.0.11 for listen tests, fall back to 127.0.0.1
on systems that don't have 127/8, e.g. FreeBSD (GH 1183, PR 1185, bigpresh)
1.3203 2018-05-20 20:44:30+01:00 Europe/London (TRIAL RELEASE)
[DOCUMENTATION]
- Add environment var hint to cookbook (PR 1161, castaway)
[ENHANCEMENTS]
- Make it possible to switch out YAML for YAML::XS for config parsing and
serialisation (there was already an attempt at this in place, and it was
documented as posisble, but didn't work) (PR 1164, 1nickt)
- New test method response_redirect_like (PR 1159, 1nickt)
- New config option raw_request_body_in_ram, which controls whether the
raw request body is available via request->body or not. See Issue #1140
for the problems the previous approach, of getting it from the temp file
that HTTP::Body might (or might not) have written it to.
- Validate session IDs read from client - GH #1172 - potential security
risk if the session provider in use passes the session ID in a way
where injection is possible.
1.3301 2016-02-16
[BUG FIXES]
- Reverted session ID validation (PR-1155) as it breaks
Dancer::Session::Cookie (bigpresh)
1.3300 2016-02-15
[BUG FIXES]
- More temp directory handling fixes (Issue #1147)
- Avoid request body truncation in hand-assembled requests in tests (PR
1148, skington)
- Avoid tests failing when "localhost" doesn't resolve (PR 1142, gbarco)
- Avoid test failures due to race condition in selecting a port to listen
on by using 127.0.0.10 instead (more of a hacky workaround than a fix,
but should help (bigpresh)
- Fix YAML session handler under taint mode (chrisjrob)
- Make request->body work again for URL-encoded POST requests - Issue 1140
reported by miyagawa (bigpresh)
- Validate session IDs read from cookies before passing to session engine,
to protect against any engine that might feed that value straight to a
file path for security - Issue 1118 (bigpresh)
[DOCUMENTATION]
- Better doc for forward_for_address (PR 1146, Relequestual)
[ENHANCEMENTS]
- Let Dancer::Test::dancer_response() handle supplying multiple params
with the same name - Issue 1116 (bigpresh)
HTTP::CookieJar implements a minimalist HTTP user agent cookie jar in
conformance with RFC 6265.
Unlike the commonly used HTTP::Cookies module, this module does not require
use of HTTP::Request and HTTP::Response objects. An LWP-compatible adapter
is available as HTTP::CookieJar::LWP.
add netbsd/arm EABI target. recognise dwarf2 unwinding in the common arm code.
switch convoluted stddef.h logic from relying on include guards having certain
names to only applying for netbsd, which should be the sole remaining user.
(necessary for netbsd/arm, which uses different include guards for ansi.h)
move linux/alpha code out of shared alpha+ELF header.
make all netbsd targets include netbsd-stdint.h.
Fixes PR pkg/52951.
Bump PKGREVISION. bump gcc7-libs PKGREVISION above this one.
Fluent Bit is a Data Forwarder for Linux, Embedded Linux, OSX and BSD
family operating systems. It's part of the Fluentd Ecosystem. Fluent
Bit allows collection of information from different sources, buffering
and dispatching them to different outputs such as Fluentd,
Elasticsearch, Nats or any HTTP end-point within others. It's fully
supported on x86_64, x86 and ARM architectures.
Release 0.65.0
core:
* SplashOutputDev: Add the invisible character check beginType3Char. Bug #106244
* XRef: Fix runtime undefined behaviour. Bug #105970
* Fix issues with malformed documents. Bug #104942, #103238
* Remove GooHash after replacing it by std::unordered_map
* Add conversion methods between GooString and std::string.
cpp:
* Add newline after error message
* Expose more image modes, add option to select mode in renderer. Bug #105558
build system:
* Fix compilation with libc++
* Small improvement to FindLIBOPENJPEG2.cmake
qt5:
* Add widget annot actions to FormFields
utils:
* pdffonts: Minor formatting changes in the man page. Bug #105194
==================
WebKitGTK+ 2.20.3
==================
What's new in WebKitGTK+ 2.20.3?
- Fix installation directory of API documentation.
- Disable Gigacage if mmap fails to allocate in Linux.
- Add user agent quirk for paypal website.
- Properly detect compiler flags, needed libs, and fallbacks for usage of 64-bit atomic operations.
- Fix a network process crash when trying to get cookies of about:blank page.
- Fix UI process crash when closing the window under Wayland.
- Fix several crashes and rendering issues.
- Security fixes: CVE-2018-4190, CVE-2018-4199, CVE-2018-4218, CVE-2018-4222, CVE-2018-4232,
CVE-2018-4233, CVE-2018-4246, CVE-2018-11646.
Mercurial 4.6.1 (2018-06-06)
This is a regularly-scheduled bugfix release that also contains security fixes.
1.1. Security Fixes
Multiple issues found in mpatch.c with a fuzzer:
OVE-20180430-0001
OVE-20180430-0002
OVE-20180430-0004
With the following fixes:
mpatch: be more careful about parsing binary patch data (SEC)
mpatch: protect against underflow in mpatch_apply (SEC)
mpatch: ensure fragment start isn't past the end of orig (SEC)
mpatch: fix UB in int overflows in gather() (SEC)
mpatch: fix UB integer overflows in discard() (SEC)
mpatch: avoid integer overflow in mpatch_decode (SEC)
mpatch: avoid integer overflow in combine() (SEC)
No exploits are known at the time, however, it is highly recommended that all users upgrade.
1.2. Bug Fixes
Also included in this release are the following,
zstandard: pull in bug fixes from upstream 0.9.1 (issue5884)
bundle2: fix old clients from reading newer format (issue5872)
bdiff: fix xdiff long/int64 conversion (issue5885)
push: continue without locking on lock failure other than EEXIST (issue5882)
lfs: fix crash in command server (issue5902)
hghave: fix deadlock in test runner
rebase: fix error when computing obsoletenotrebased (issue5907)
rebase: prioritize indicating an interrupted rebase over update (issue5838)
revset: pass in lookup function to matchany() (issue5879)
Overview of changes leading to 1.8.1
Tuesday, June 12, 2018
====================================
- Fix hb-version.h file generation; last two releases went out with wrong ones.
- Add correctness bug in hb_set_t operations, introduced in 1.7.7.
- Remove HB_SUBSET_BUILTIN build option. Not necessary.
3.28.3 - 2018-05-31
-------------------
* Fix Gio.Application leak in case no signal handler is set before.
:issue:`219`
* Squash critical warning when using array as hash value
(:user:`Philip Withnall <pwithnall>`)
Version 0.16.6
==============
*released on 13 June 2018*
- **Packagers:** Documentation building no longer needs a working installation
of vdirsyncer.
Version 0.16.5
==============
*released on 13 June 2018*
- **Packagers:** click-log 0.3 is required.
- All output will now happen on stderr (because of the upgrade of ``click-log``).
-----------------
2018-06-07 3.5.2
-----------------
* Explicitly include <signal.h> in _posixsubprocess_helpers.c; it already
gets configure checked and pulled in via Python's own <Python.h> in many
circumstances but it is better to be explicit. #IWYU
If you were using subprocess32 on a Python interpreter built *without*
the --with-fpectl configure option enabled, restore_signals is now
useful rather than a no-op. I do not know if such builds were common.
* Adds a functional test for restore_signals=True behavior.
Notmuch 0.27 (2018-06-13)
=========================
General
-------
Add support for thread:{} queries
Queries of the form `thread:{foo} and thread:{bar}` match threads
containing (possibly distinct) messages matching foo and bar. See
`notmuch-search-terms(7)` for details.
Command Line Interface
----------------------
Add the --full-scan option to `notmuch new`
This option disables mtime based optimization of scanning for new mail.
Add new --decrypt=stash option for `notmuch show`
This facilitates a workflow for encrypted messages where message
cleartext are indexed on first read, but the user's decryption key
does not have to be available during message receipt.
Documentation
-------------
An initial manual for `notmuch-emacs` is now installed by default (in
`info` format).
Dependencies
------------
As of this release, support for versions of Xapian before 1.4.0 is
deprecated, and may disappear in a future release of notmuch.
