pkgsrc changes:
---------------
* The main maintainer seems to have changed. The GitHub repository has been
updated accordingly.
* Since the vendor dependencies has been removed from the Github release, we
use php-composer to resolve them.
upstream changes:
-----------------
Version 4.0.4 (to 4.0.3)
o Fix#321: Boolean settings in presets caused errors when trying to store
the preset's addressbooks to the database
o Fix#322: The refresh time string from admin presets was not converted to
seconds, causing errors or wrong values when storing the preset's
addressbooks to the database
o Fix#324: Changes not immediately visible with postgresql (delete contact,
add/remove contact to/from group)
o Fix: spurious error returned when creating VCard on Google
Version 4.0.3 (to 4.0.2)
o Allow release 1.0 of carddavclient in composer dependencies
o No changes to the plugin itself
Version 4.0.2 (to 4.0.1)
o Fix#316: Incompatibility with Sabre/VObject version 4 preventing saving
contacts using custom labels
o Fix: Default refresh time set to 1 sec in settings
Version 4.0.1 (to 4.0.0)
o Fix: Plugin version was not shown in about window for tarball installations
o Fix: Collation behavior was case-insensitive for MySQL (only). Now unified
across the different supported DBMS.
o Fix#306: With MySQL, sync failure could occur when several custom labels
where used that only differed in case (effect of previous issue).
o Fix#308: With SQLite, the initial sync after adding a new addressbook was
not automatically triggered.
Version 4.0.0 (to 3.0.3)
This release contains changes to DB schema. The database will be migrated
automatically upon login to roundcube.
o All changes from 4.0.0-alpha1
o Fix: Deletion of empty CATEGORIES-type groups
o Fix: Delete CATEGORIES-type groups from DB that become empty during a sync
o Fix: Renaming of empty CATEGORIES-type groups
o Fix: During deletion, do not rely on the DB's ON CASCADE DELETE because
this is disabled by default for SQLite
o Fix: It was not possible to discover multiple addressbooks for an admin
preset because of a wrong UNIQUE constraint in MySQL
o Fix: Catch exceptions thrown inside the plugin (avoid "white page" on error)
o Increase the maximum lengths of password, email and url fields
o Use transactions to synchronize concurrent operations on the same
addressbook (data consistency issues may still occur with MySQL because of
roundcube DB layer bug). For details, see DBSYNC.md.
o Unified database indexes across the different database backends: Create
indexes for foreign key columns (PostgreSQL, SQLite)
o Fixed issues in the migration scripts and added SQL scripts showing the
current DB schema
o Update hungarian translation (thanks to @tsabi)
Version 4.0.0-alpha1 (to 3.0.3)
Note: The Changelog for this version is not complete
This is an alpha release because I did not perform any tests on it.
Nevertheless, it has many bugs fixed and I encourage you to upgrade and report
issues as you find them. The last release 3.0.3 has many issues that have been
fixed with in v4. I push this release early mainly because of the security
issue reported. I'll continue working on remaining issues I want to fix (note:
all of them are also present in 3.0.3) for v4 and I intend release a more
tested version and a more detailed changelog within the next weeks.
o Security issue: It was possible to read data from other user's
addressbooks. Depending on the configuration, it might also have been
possible to change data in their addressbooks. Thanks to @cnmicha for
reporting this issue. This issue affects all previously released versions
of RCMCardDAV using a database cache.
o Many bugs you reported and several more I discovered during refactoring
have been fixed.
o The password scheme now defaults to encrypted (if you have not configured a
password scheme, this will take effect automatically for newly stored
password. If you don't want this, configure a password scheme in
settings.php).
o The URL is not changeable after creation of an addressbook anymore. It used
to work in specific, but not all cases. As the behavior is potentially
broken and not easy to fix, it is removed for now.
o The two kinds of contact groups (VCard-based vs. CATEGORIES-based) are not
transparently supported to the possible extent. The configuration switch is
only meaningful concerning the type of group used when a new group is
created from RCMCardDAV. See details here.
o The CardDAV interaction is moved to a library. It is essentially a complete
rewrite of the code communicating with the CardDAV servers and includes
interoperability tests with many common servers, see here.
upstream changes:
-----------------
Release notes for Grafana 7.4.3
Bug fixes
o AdHocVariables: Fixes crash when values are stored as numbers. #31382,
@hugohaggmark
o DashboardLinks: Fix an issue where the dashboard links were causing a full
page reload. #31334, @torkelo
o Elasticsearch: Fix query initialization logic & query transformation from
Prometheus/Loki. #31322, @Elfo404
o QueryEditor: Fix disabling queries in dashboards. #31336, @gabor
o Streaming: Fix an issue with the time series panel and streaming data
source when scrolling back from being out of view. #31431, @torkelo
o Table: Fix an issue regarding the fixed min and auto max values in bar
gauge cell. #31316, @torkelo
Release notes for Grafana 7.4.2
Features and enhancements
o Explore: Do not show non queryable data sources in data source picker.
#31144, @torkelo
o Snapshots: Do not allow an anonymous user to create snapshots. #31263,
@marefr
Bug fixes
o CloudWatch: Ensure empty query row errors are not passed to the panel.
#31172, @sunker
o DashboardLinks: Fix the links that always cause a full page to reload.
#31178, @torkelo
o DashboardListPanel: Fix issue with folder picker always showing All and
using old form styles. #31160, @torkelo
o IPv6: Support host address configured with enclosing square brackets.
#31226, @aknuds1
o Permissions: Fix team and role permissions on folders/dashboards not
displayed for non Grafana Admin users. #31132, @AgnesToulet
o Postgres: Fix timeGroup macro converts long intervals to invalid numbers
when TimescaleDB is enabled. #31179, @kurokochin
o Prometheus: Fix enabling of disabled queries when editing in dashboard.
#31055, @ivanahuckova
o QueryEditors: Fix an issue that happens after moving queries then editing
would update other queries. #31193, @torkelo
o SqlDataSources: Fix the Show Generated SQL button in query editors. #31236,
@torkelo
o StatPanels: Fix an issue where the palette color scheme is not cleared when
loading panel. #31126, @torkelo
o Variables: Add the default option back for the data source variable.
#31208, @hugohaggmark
o Variables: Fix missing empty elements from regex filters. #31156,
@hugohaggmark
Release notes for Grafana 7.4.1
Features and enhancements
o Influx: Make max series limit configurable and show the limiting message if
applied. #31025, @aocenas
o Make value mappings correctly interpret numeric-like strings. #30893,
@dprokop
o Variables: Adds queryparam formatting option. #30858, @hugohaggmark
Bug fixes
o Alerting: Fixes so notification channels are properly deleted. #31040,
@hugohaggmark
o BarGauge: Improvements to value sizing and table inner width calculations.
#30990, @torkelo
o DashboardLinks: Fixes crash when link has no title. #31008, @hugohaggmark
o Elasticsearch: Fix alias field value not being shown in query editor.
#30992, @Elfo404
o Elasticsearch: Fix log row context errors. #31088, @Elfo404
o Elasticsearch: Show Size setting for raw_data metric. #30980, @Elfo404
o Graph: Fixes so graph is shown for non numeric time values. #30972,
@hugohaggmark
o Logging: Ignore ‘file already closed’ error when closing file. #31119,
@aknuds1
o Plugins: Fix plugin signature validation for manifest v2 on Windows.
#31045, @wbrowne
o TextPanel: Fixes so panel title is updated when variables change. #30884,
@hugohaggmark
o Transforms: Fixes Outer join issue with duplicate field names not getting
the same unique field names as before. #31121, @torkelo
upstream changes:
-----------------
2.0.8 - 2021-02-25
==================
Broker:
- Fix incorrect datatypes in `struct mosquitto_evt_tick`. This changes the
size and offset of two of the members of this struct, and changes the size
of the struct. This is an ABI break, but is considered to be acceptable
because plugins should never be allocating their own instance of this
struct, and currently none of the struct members are used for anything, so a
plugin should not be accessing them. It would also be safe to read/write
from the existing struct parameters.
- Give compile time warning if libwebsockets compiled without external poll
support. Closes#2060.
- Fix memory tracking not being available on FreeBSD or macOS. Closes#2096.
Client library:
- Fix mosquitto_{pub|sub}_topic_check() functions not returning MOSQ_ERR_INVAL
on topic == NULL.
Clients:
- Fix possible loss of data in `mosquitto_pub -l` when sending multiple long
lines. Closes#2078.
Build:
- Provide a mechanism for Docker users to run a broker that doesn't use
authentication, without having to provide their own configuration file.
Closes#2040.
3.7.4 (2021-02-25)
Bugfixes
(SECURITY BUG) Started preventing open redirects in the aiohttp.web.normalize_path_middleware middleware. For more details, see https://github.com/aio-libs/aiohttp/security/advisories/GHSA-v6wp-4m6f-gcjg.
Thanks to Beast Glatisant for finding the first instance of this issue and Jelmer Vernooij for reporting and tracking it down in aiohttp.
Fix interpretation difference of the pure-Python and the Cython-based HTTP parsers construct a yarl.URL object for HTTP request-target.
Before this fix, the Python parser would turn the URI's absolute-path for //some-path into / while the Cython code preserved it as //some-path. Now, both do the latter.
CMake 3.19.6
* Intel: Make explicit Fortran preprocessing under Ninja more robust
* Tests: Update for upstream ninja change to write status on stderr
* CMakePresets.json: Remove undocumented support for comments
* FindPython: fix erroneous variable handling
Upstream Release Notes:
2.0.11
- Reverted "Fixed runtime autoloader registration (for plugins and script
handlers) to prefer the project dependencies over the bundled Composer
ones" as it caused more problems than expected
2.0.10
- Added COMPOSER_MAX_PARALLEL_HTTP env var to let people set a lower amount
of parallel requests if needed
- Fixed autoloader registration when plugins are loaded, which may impact
plugins relying on this bug (if you use symfony/flex make sure you upgrade
it to 1.12.2+ to fix dump-env issues)
- Fixed exec command suppressing output in some circumstances
- Fixed Windows/cmd.exe support for script handlers defined as path/to/foo,
which are now rewritten internally to path\to\foo when needed
- Fixed bin handling on Windows for PHP scripts, to more closely match
symlinks and allow @php vendor/bin/foo to work cross-platform
- Fixed Git for Windows/Git Bash not being detected correctly as an
interactive shell (regression since 2.0.7)
- Fixed regression handling some private Bitbucket repository clones
- Fixed Ctrl-C/SIGINT handling during downloads to correctly abort as soon as
possible
- Fixed runtime autoloader registration (for plugins and script handlers) to
prefer the project dependencies over the bundled Composer ones
- Fixed numeric default branches being aliased as 9999999-dev internally.
This alias now only applies to default branches being non-numeric
(e.g. dev-main)
- Fixed support for older lib-sodium versions
- Fixed various minor issues
Changes:
1.0.2
-----
- Fix Java binding compilation
- Enable building for ARM little-endian only (ignore big-endian)
- Add uc_context_free() API
- Fix context saving/retoring API (core & Python binding)
- Add cmake option to build Unicorn as a static library
- Fix error handling of mmap()
- uc_emu_start() can be reentrant
- Fix naming conflicts when built with systemd
- Fix setjmp/longjmp on native Windows
- Fix enabled hooks even after deleting them
- X86:
- Fix 64bit fstenv
- Fix IP value of 16bit mode
- ARM:
- Fix APSR handling
- Python: Remove UC_ERR_TIMEOUT
- No longer require Python to build
- Fix recursive UC_HOOK_MEM callbacks for cross pages access
- Remove UC_ERR_TIMEOUT, so timeout on uc_emu_start() is not considered error
- Added UC_QUERY_TIMEOUT to query exit reason
- Fix UAF when deleting hook while in hook callback
- Ensure that hooks are unaffected by a request to stop emulation.
- Fix block hooks being called twice after an early exit from execution.
- Fix binding install on python2 (MacOS)
- X86:
- Support read/write STn registers
- Support read/write X64 base regs
- ARM64:
- Support some new registers
OctoPrint provides a snappy web interface for controlling consumer 3D printers.
It is Free Software and released under the GNU Affero General Public License
V3.
pkgsrc changes:
---------------
* Update some PLIST entries since the version of packages documented does
not always match the last patchlevel version of OTP.
* Bump revision
upstream changes:
-----------------
Patch Package: OTP 23.2.6
Git Tag: OTP-23.2.6
Date: 2021-02-25
Trouble Report Id: OTP-17173, OTP-17205, OTP-17220
Seq num: ERIERL-581, ERIERL-608
System: OTP
Release: 23
Application: inets-7.3.2, ssh-4.10.8
Predecessor: OTP 23.2.5
Check out the git tag OTP-23.2.6, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- inets-7.3.2 -----------------------------------------------------
---------------------------------------------------------------------
The inets-7.3.2 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17205 Application(s): inets
Related Id(s): ERIERL-608
Solves CVE-2021-27563, that is make sure no form of
relative path can be used to go outside webservers
directory.
OTP-17220 Application(s): inets
Make sure HEAD requests rejects directory links
Full runtime dependencies of inets-7.3.2: erts-6.0, kernel-3.0,
mnesia-4.12, runtime_tools-1.8.14, ssl-5.3.4, stdlib-3.5
---------------------------------------------------------------------
--- ssh-4.10.8 ------------------------------------------------------
---------------------------------------------------------------------
The ssh-4.10.8 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17173 Application(s): ssh
Related Id(s): ERIERL-581
Don't timeout slow connection setups and tear-downs. A
rare crash risk for the controller is also removed.
Full runtime dependencies of ssh-4.10.8: crypto-4.6.4, erts-9.0,
kernel-5.3, public_key-1.6.1, stdlib-3.4.1
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
Patch Package: OTP 23.2.5
Git Tag: OTP-23.2.5
Date: 2021-02-16
Trouble Report Id: OTP-17185, OTP-17190, OTP-17191
Seq num: ERIERL-606, ERL-1476, GH-4192
System: OTP
Release: 23
Application: erts-11.1.8, ssl-10.2.3, tools-3.4.3
Predecessor: OTP 23.2.4
Check out the git tag OTP-23.2.5, and build a full OTP system
including documentation. Apply one or more applications from this
build as patches to your installation using the 'otp_patch_apply'
tool. For information on install requirements, see descriptions for
each application version below.
---------------------------------------------------------------------
--- erts-11.1.8 -----------------------------------------------------
---------------------------------------------------------------------
The erts-11.1.8 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17185 Application(s): erts
Fixed a bug that could cause some work scheduled for
execution on scheduler threads to be delayed until
other similar work appeared. Beside delaying various
cleanup of internal data structures also the following
could be delayed:
-- Termination of a distribution controller process
-- Disabling of the distribution on a node
-- Gathering of memory allocator information using the
instrument module
-- Enabling, disabling, and gathering of msacc
information
-- Delivery of 'CHANGE' messages when time offset is
monitored
-- A call to erlang:cancel_timer()
-- A call to erlang:read_timer()
-- A call to erlang:statistics(io | garbage_collection
| scheduler_wall_time)
-- A call to ets:all()
-- A call to erlang:memory()
-- A call to erlang:system_info({allocator |
allocator_sizes, _})
-- A call to erlang:trace_delivered()
The bug existed on runtime systems running on all types
of hardware except for x86/x86_64.
Full runtime dependencies of erts-11.1.8: kernel-7.0, sasl-3.3,
stdlib-3.13
---------------------------------------------------------------------
--- ssl-10.2.3 ------------------------------------------------------
---------------------------------------------------------------------
The ssl-10.2.3 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17190 Application(s): ssl
Related Id(s): ERIERL-606
Avoid race when the first two upgrade server handshakes
(that is servers that use a gen_tcp socket as input to
ssl:handshake/2,3) start close to each other. Could
lead to that one of the handshakes would fail.
Full runtime dependencies of ssl-10.2.3: crypto-4.2, erts-10.0,
inets-5.10.7, kernel-6.0, public_key-1.8, stdlib-3.12
---------------------------------------------------------------------
--- tools-3.4.3 -----------------------------------------------------
---------------------------------------------------------------------
The tools-3.4.3 application can be applied independently of other
applications on a full OTP 23 installation.
--- Fixed Bugs and Malfunctions ---
OTP-17191 Application(s): tools
Related Id(s): ERL-1476, GH-4192, OTP-16922
Correct the Xref analysis undefined_functions to not
report internally generated behaviour_info/1.
Full runtime dependencies of tools-3.4.3: compiler-5.0, erts-11.0,
erts-9.1, kernel-5.4, runtime_tools-1.8.14, stdlib-3.4
---------------------------------------------------------------------
---------------------------------------------------------------------
---------------------------------------------------------------------
py-sarge is a wrapper for subprocess which provides command pipeline
functionality.
The sarge package provides a wrapper for subprocess which provides command
pipeline functionality.
This package leverages subprocess to provide easy-to-use cross-platform
command pipelines with a Posix flavour: you can have chains of commands using
;, &, pipes using | and |&, and redirection.
Pylru implements a true LRU cache along with several support classes. The cache
is efficient and written in pure Python. It works with Python 2.6+ including
the 3.x series. Basic operations (lookup, insert, delete) all run in a constant
amount of time. Pylru provides a cache class with a simple dict interface. It
also provides classes to wrap any object that has a dict interface with a
cache. Both write-through and write-back semantics are supported. Pylru also
provides classes to wrap functions in a similar way, including a function
decorator.
