* upstream (curl) ChangeLog:
This release includes the following changes:
* cookies: leave secure cookies alone
* hostip: support wildcard hosts
* http: Implement trailing headers for chunked transfers
* http: added options for allowing HTTP/0.9 responses
* timeval: Use high resolution timestamps on Windows
This release includes the following bugfixes:
* CVE-2018-16890: NTLM type-2 out-of-bounds buffer read
* CVE-2019-3822: NTLMv2 type-3 header stack buffer overflow
* CVE-2019-3823: SMTP end-of-response out-of-bounds read
* FAQ: remove mention of sourceforge for github
* OS400: handle memory error in list conversion
* OS400: upgrade ILE/RPG binding.
* README: add codacy code quality badge
* Revert http_negotiate: do not close connection
* THANKS: added several missing names from year <= 2000
* build: make 'tidy' target work for metalink builds
* cmake: added checks for variadic macros
* cmake: updated check for HAVE_POLL_FINE to match autotools
* cmake: use lowercase for function name like the rest of the code
* configure: detect xlclang separately from clang
* configure: fix recv/send/select detection on Android
* configure: rewrite --enable-code-coverage
* conncache_unlock: avoid indirection by changing input argument type
* cookie: fix comment typo
* cookies: allow secure override when done over HTTPS
* cookies: extend domain checks to non psl builds
* cookies: skip custom cookies when redirecting cross-site
* curl --xattr: strip credentials from any URL that is stored
* curl -J: refuse to append to the destination file
* curl/urlapi.h: include "curl.h" first
* curl_multi_remove_handle() don't block terminating c-ares requests
* darwinssl: accept setting max-tls with default min-tls
* disconnect: separate connections and easy handles better
* disconnect: set conn->data for protocol disconnect
* docs/version.d: mention MultiSSL
* docs: fix the --tls-max description
* docs: use $(INSTALL_DATA) to install man page
* docs: use meaningless port number in CURLOPT_LOCALPORT example
* gopher: always include the entire gopher-path in request
* http2: clear pause stream id if it gets closed
* if2ip: remove unused function Curl_if_is_interface_name
* libssh: do not let libssh create socket
* libssh: enable CURLOPT_SSH_KNOWNHOSTS and CURLOPT_SSH_KEYFUNCTION for libssh
* libssh: free sftp_canonicalize_path() data correctly
* libtest/stub_gssapi: use "real" snprintf
* mbedtls: use VERIFYHOST
* multi: multiplexing improvements
* multi: set the EXPIRE_*TIMEOUT timers at TIMER_STARTSINGLE time
* ntlm: fix NTMLv2 compliance
* ntlm_sspi: add support for channel binding
* openssl: adapt to 3.0.0, OpenSSL_version_num() is deprecated
* openssl: fix the SSL_get_tlsext_status_ocsp_resp call
* openvms: fix OpenSSL discovery on VAX
* openvms: fix typos in documentation
* os400: add a missing closing bracket
* os400: fix extra parameter syntax error
* pingpong: change default response timeout to 120 seconds
* pingpong: ignore regular timeout in disconnect phase
* printf: fix format specifiers
* runtests.pl: Fix perl call to include srcdir
* schannel: fix compiler warning
* schannel: preserve original certificate path parameter
* schannel: stop calling it "winssl"
* sigpipe: if mbedTLS is used, ignore SIGPIPE
* smb: fix incorrect path in request if connection reused
* ssh: log the libssh2 error message when ssh session startup fails
* test1558: verify CURLINFO_PROTOCOL on file:// transfer
* test1561: improve test name
* test1653: make it survive torture tests
* tests: allow tests to pass by 2037-02-12
* tests: move objnames-* from lib into tests
* timediff: fix math for unsigned time_t
* timeval: Disable MSVC Analyzer GetTickCount warning
* tool_cb_prg: avoid integer overflow
* travis: added cmake build for osx
* urlapi: Fix port parsing of eol colon
* urlapi: distinguish possibly empty query
* urlapi: fix parsing ipv6 with zone index
* urldata: rename easy_conn to just conn
* winbuild: conditionally use /DZLIB_WINAPI
* wolfssl: fix memory-leak in threaded use
* spnego_sspi: add support for channel binding
0.7.1:
Add support for Python 3.5, 3.6 and 3.7.
Move to GitHub and Travis CI.
Add support for iterator arguments to _speedups Markup.join implementation so that it matches
the Python implementation.
Add HTML5 input placeholder attribute to list of translatable attributes.
Add missing boolean attributes to XHTML and HTML serializers.
Fix infinite recursion in template inlining.
Support slash escaped of CRLF newlines.
Disable the speedups C extension on CPython >= 3.3 since Genshi doesn't support the new Unicode
C API yet.
Fix handling of case where a translation has text after a closing tag.
Fix assert with side-effect in xi:fallback directive processing
3.9.2:
Routers: invalidate _urls cache on register()
Deferred schema renderer creation to avoid requiring pyyaml.
Added 'request_forms' block to base.html
Fixed SchemaView to reset renderer on exception.
Update Django Guardian dependency.
Ensured support for Django 2.2.
Made templates compatible with session-based CSRF.
Adjusted field validators to accept non-list iterables.
Added SearchFilter.get_search_fields() hook.
Fix DeprecationWarning when accessing collections.abc classes via collections
Allowed Q objects in limit_choices_to introspection.
Added lazy evaluation to composed permissions.
Add negation ~ operator to permissions composition
Avoided calling distinct on annotated fields in SearchFilter.
Introduced RemovedInDRF…Warning classes to simplify deprecations.
## 4.3.3
- update jquery to 3.3.1
## 4.3.2
- update jquery to 3.3.0
- Add possibility to test HTML: all, attribute prefix, attribute contains,
attribute ends with, child, and class selectors
- Fix matching mutiple calls for the same selector/function exception
## 4.3.1
- update jquery to 3.2.1
## 4.3.0
- update jquery to 3.2.0
- Add possibility to test HTML attribute selectors
## 4.2.2
- update jquery to 3.1.1
## 4.2.1
- update jquery to 3.1.0
## 4.2.0
- Support jQuery 3.x
- Update jquery-ujs to 1.2.2
- Update jQuery to 1.12.4 and 2.2.4
## 4.1.1
- Update jQuery to 1.12.1 and 2.2.1
- Update jquery-ujs to 1.2.1
## 4.1.0
- Update jQuery to 1.12.0 and 2.2.0
- Update jquery-ujs to 1.2.0
## 4.0.5
- Specify that Ruby version 1.9.3+ is required
- Test on Ruby 2.2
- Update jquery-ujs from 1.0.4 to 1.1.0
## 4.0.4
- Fix CSP bypass vulnerability. CVE-2015-1840
## 4.0.1
- Fix RubyGems permission problem.
## 4.0.0
- Minimum dependency set to Rails 4.2
- Updated to jquery-ujs 1.0.2
- Support jQuery 1.x and 2.x
Add ruby-coffee-rails package version 4.2.2 which supported by Ruby on
Rails 4.2 and later.
CoffeeScript adapter for the Rails asset pipeline. Also adds support to use
CoffeeScript to respond to JavaScript requests (use `.coffee` views).
Add ruby-rails52 version 5.2.2 package.
Ruby on Rails is a full-stack web framework optimized for programmer
happiness and sustainable productivity. It encourages beautiful code
by favoring convention over configuration.
This is for Ruby on Rails 5.2.
Add ruby-actioncable52 version 5.2.2 package.
# Action Cable – Integrated WebSockets for Rails
Action Cable seamlessly integrates WebSockets with the rest of your Rails
application. It allows for real-time features to be written in Ruby in the
same style and form as the rest of your Rails application, while still being
performant and scalable. It's a full-stack offering that provides both a
client-side JavaScript framework and a server-side Ruby framework. You have
access to your full domain model written with Active Record or your ORM of
choice.
This is for Ruby on Rails 5.2.
Add ruby-actionpack52 version 5.2.2 package.
Action Pack is a framework for handling and responding to web requests. It
provides mechanisms for *routing* (mapping request URLs to actions), defining
*controllers* that implement actions, and generating responses by rendering
*views*, which are templates of various formats. In short, Action Pack
provides the view and controller layers in the MVC paradigm.
This is for Ruby on Rails 5.2.
Add ruby-actionview52 version 5.2.2 package.
Action View provides simple, battle-tested conventions and helpers for
building web pages.
This is for Ruby on Rails 5.2.
Changes:
8.0
---
Javascript changes confirmation and prompts use dialogs again
Bug fixes in Urlbar completion and focus handling as well as Adblock filtering
Headerbar enabled by default only under Budgie, GNOME and Patreon
Re-introduced support for `--inactivity-reset`, `-e Fullscreen` and `-e ZoomIn`
Initial support for cross-browser web extensions (not exposed in the GUI yet)
Builds deps: Glib lowered to 2.46.2, Json-Glib and libarchive are now required
Link to the bug tracker from the About dialog
Correct handling of external URIs such as apt:
Fixed installation path for appdata and plugins
Support for building Midori on Android with Gradle
Better internal distinction of errors from visiting pages
Zoom indicators in the page menu and statusbar features extension
pkgsrc changes:
- Remove patch-Source_JavaScriptCore_dfg_DFGDoesGC.cpp, it was applied in
2.22.7
Changes:
2.22.7
======
- Fix rendering of glyphs in Hebrew (and possibly other languages) when
Unicode NFC normalization is used.
- Fix several crashes and race conditions.
Changelog:
Changes with nginx 1.15.9 26 Feb 2019
*) Feature: variables support in the "ssl_certificate" and
"ssl_certificate_key" directives.
*) Feature: the "poll" method is now available on Windows when using
Windows Vista or newer.
*) Bugfix: if the "select" method was used on Windows and an error
occurred while establishing a backend connection, nginx waited for
the connection establishment timeout to expire.
*) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives
in the stream module worked incorrectly when proxying UDP datagrams.
* aggregate: Use LWPx::ParanoidAgent if available.
Previously blogspam, openid and pinger used this module if available,
but aggregate did not. This prevents server-side request forgery or
local file disclosure, and mitigates denial of service when slow
"tarpit" URLs are accessed.
(CVE-2019-9187)
* blogspam, openid, pinger: Use a HTTP proxy if configured, even if
LWPx::ParanoidAgent is installed.
Previously, only aggregate would obey proxy configuration. If a proxy
is used, the proxy (not ikiwiki) is responsible for preventing attacks
like CVE-2019-9187.
* aggregate, blogspam, openid, pinger: Do not access non-http, non-https
URLs.
Previously, these plugins would have allowed non-HTTP-based requests if
LWPx::ParanoidAgent was not installed. Preventing file URIs avoids local
file disclosure, and preventing other rarely-used URI schemes like
gopher mitigates request forgery attacks.
* aggregate, openid, pinger: Document LWPx::ParanoidAgent as strongly
recommended.
These plugins can request attacker-controlled URLs in some site
configurations.
* blogspam: Document LWPx::ParanoidAgent as desirable.
This plugin doesn't request attacker-controlled URLs, so it's
non-critical here.
* blogspam, openid, pinger: Consistently use cookiejar if configured.
Previously, these plugins would only obey this configuration if
LWPx::ParanoidAgent was not installed, but this appears to have been
unintended.
* po: Always filter .po files.
The po plugin in previous ikiwiki releases made the second and
subsequent filter call per (page, destpage) pair into a no-op,
apparently in an attempt to prevent *recursive* filtering (which as
far as we can tell can't happen anyway), with the undesired effect
of interpreting the raw .po file as page content (e.g. Markdown)
if it was inlined into the same page twice, which is apparently
something that tails.org does. Simplify this by deleting the code
that prevented repeated filtering. Thanks, intrigeri
(Closes: #911356)
Version 2.0.6:
- Updating dependency version of pylint-plugin-utils as pylint 2.3 release
was not compatible
- Improvements to tox.ini
- Add support for new load_configuration hook of pylint
- 'urlpatterns' no longer reported as an invalid constant name
uWSGI 2.0.18:
Fixed support for Python 3.7
Allow to use autoport (socket :0) with custom socket backlog
pyuwsgi ported to python3
pyuwsgi packages fixes
pyuwsginossl build configuration for building pyuwsgi without ssl support
Fix unix socket inheritance after reload on FreeBSD
Fix crashes with –wsgi-env-behavior=holy
Fix invalid free in python plugin
Fix compilation warnings with gcc-8
Fix spooler python references
Don’t generate build warnings in systemd_logger
Fix segmentation fault during worker shutdown
