Changes since 19.3.18:
Small improvements to edge cases in SUBST blocks.
Small improvements to edge cases in variable assignment and alignment
of the continuation backslashes.
The --source option shows the changes from autofix, even when the
--show-autofix option is not given. This is a welcome side-effect of
making the autofix logging simpler and more predictable.
## 4.3.1 and 3.12.2 / 2019-12-05
* Security
* Fix: a poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. CVE-2019-16770.
## 4.3.0 / 2019-11-07
* Features
* Strip whitespace at end of HTTP headers (#2010)
* Optimize HTTP parser for JRuby (#2012)
* Add SSL support for the control app and cli (#2046, #2052)
* Bugfixes
* Fix Errno::EINVAL when SSL is enabled and browser rejects cert (#1564)
* Fix pumactl defaulting puma to development if an environment was not specified (#2035)
* Fix closing file stream when reading pid from pidfile (#2048)
* Fix a typo in configuration option `--extra_runtime_dependencies` (#2050)
## 4.2.1 / 2019-10-07
* 3 bugfixes
* Fix socket activation of systemd (pre-existing) unix binder files (#1842, #1988)
* Deal with multiple calls to bind correctly (#1986, #1994, #2006)
* Accepts symbols for `verify_mode` (#1222)
## 4.2.0 / 2019-09-23
* 6 features
* Pumactl has a new -e environment option and reads `config/puma/<environment>.rb` config files (#1885)
* Semicolons are now allowed in URL paths (MRI only), useful for Angular or Redmine (#1934)
* Allow extra dependencies to be defined when using prune_bundler (#1105)
* Puma now reports the correct port when binding to port 0, also reports other listeners when binding to localhost (#1786)
* Sending SIGINFO to any Puma worker now prints currently active threads and their backtraces (#1320)
* Puma threads all now have their name set on Ruby 2.3+ (#1968)
* 4 bugfixes
* Fix some misbehavior with phased restart and externally SIGTERMed workers (#1908, #1952)
* Fix socket closing on error (#1941)
* Removed unnecessary SIGINT trap for JRuby that caused some race conditions (#1961)
* Fix socket files being left around after process stopped (#1970)
* Absolutely thousands of lines of test improvements and fixes thanks to @MSP-Greg
## 4.1.1 / 2019-09-05
* 3 bugfixes
* Revert our attempt to not dup STDOUT/STDERR (#1946)
* Fix socket close on error (#1941)
* Fix workers not shutting down correctly (#1908)
## 4.1.0 / 2019-08-08
* 4 features
* Add REQUEST_PATH on parse error message (#1831)
* You can now easily add custom log formatters with the `log_formatter` config option (#1816)
* Puma.stats now provides process start times (#1844)
* Add support for disabling TLSv1.1 (#1836)
* 7 bugfixes
* Fix issue where Puma was creating zombie process entries (#1887)
* Fix bugs with line-endings and chunked encoding (#1812)
* RACK_URL_SCHEME is now set correctly in all conditions (#1491)
* We no longer mutate global STDOUT/STDERR, particularly the sync setting (#1837)
* SSL read_nonblock no longer blocks (#1857)
* Swallow connection errors when sending early hints (#1822)
* Backtrace no longer dumped when invalid pumactl commands are run (#1863)
* 5 other
* Avoid casting worker_timeout twice (#1838)
* Removed a call to private that wasn't doing anything (#1882)
* README, Rakefile, docs and test cleanups (#1848, #1847, #1846, #1853, #1859, #1850, #1866, #1870, #1872, #1833, #1888)
* Puma.io has proper documentation now (https://puma.io/puma/)
* Added the Contributor Covenant CoC
* 1 known issue
* Some users are still experiencing issues surrounding socket activation and Unix sockets (#1842)
## 4.0.1 / 2019-07-11
* 2 bugfixes
* Fix socket removed after reload - should fix problems with systemd socket activation. (#1829)
* Add extconf tests for DTLS_method & TLS_server_method, use in minissl.rb. Should fix "undefined symbol: DTLS_method" when compiling against old OpenSSL versions. (#1832)
* Removed unnecessary RUBY_VERSION checks. (#1827)
## 4.0.0 / 2019-06-25
9 features
* Add support for disabling TLSv1.0 (#1562)
* Request body read time metric (#1569)
* Add out_of_band hook (#1648)
* Re-implement (native) IOBuffer for JRuby (#1691)
* Min worker timeout (#1716)
* Add option to suppress SignalException on SIGTERM (#1690)
* Allow mutual TLS CA to be set using `ssl_bind` DSL (#1689)
* Reactor now uses nio4r instead of `select` (#1728)
9 x bugfixes
* Do not accept new requests on shutdown (#1685, #1808)
* Fix 3 corner cases when request body is chunked (#1508)
* Change pid existence check's condition branches (#1650)
* Don't call .stop on a server that doesn't exist (#1655)
* Implemented NID_X9_62_prime256v1 (P-256) curve over P-521 (#1671)
* Fix @notify.close can't modify frozen IOError (RuntimeError) (#1583)
* Fix Java 8 support (#1773)
* Fix error `uninitialized constant Puma::Cluster` (#1731)
* Fix `not_token` being able to be set to true (#1803)
## 3.12.1 / 2019-01-08
* 1 features
* Internal strings are frozen (#1649)
* 3 bugfixes
* Fix chunked ending check (#1607)
* Rack handler should use provided default host (#1700)
* Better support for detecting runtimes that support `fork` (#1630)
Update php-ja-wordpress from 4.5.3 to 5.3.1.
This release contains these security fixes.
* Props to Daniel Bachhuber for finding an issue where an unprivileged
user could make a post sticky via the REST API.
* Props to Simon Scannell of RIPS Technologies for finding and
disclosing an issue where cross-site scripting (XSS) could be stored
in well-crafted links.
* Props to the WordPress.org Security Team for hardening
wp_kses_bad_protocol() to ensure that it is aware of the named colon
attribute.
* Props to Nguyen The Duc for discovering a stored XSS vulnerability
using block editor content.
For more detail about version 5.3.1, please refer
<https://wordpress.org/news/2019/12/wordpress-5-3-1-security-and-maintenance-release/>
And changes from 4.5.3 to 5.3.0, please refer HOMEPAGE and
<https://wordpress.org/>.
Clean up php languages.
* Clean up php/phpversions.mk a little.
* Add php/replace.mk to provide common shebang line replace for PHP.
* Define USE_TOOLS before including <bsd.prefs.mk>.
* Fix most warnings of pkglint.
No functional change should be done.
This fixes errors about gl_HOST_CPU_C_ABI_32BIT not being defined when
running autoreconf, and errors about such a command not being found when
the generated configure script is run.
configure.ac:20: warning: gl_HOST_CPU_C_ABI_32BIT is m4_require'd but not m4_defun'd
Based on only a cursory understanding of autoconf, it seems like all
the files in share/aclocal are always included. Therefore it should be
possible to detect errors like this by running autoconf or autoreconf,
before committing to pkgsrc.
Removed pkgsrc patches merged upstream.
Changelog
=========
0.17 Bugfix: Configuration test result for inttypes.h presence is used,
reintroduce the test removed for 0.16
Bugfix: BSD version of ntohl() for old systems was broken
Bugfix: ISO-2022-JP decoder: Mask for unassigned codepoints fixed
Bugfix: SHA2 support in OpenSSL 1.0.0 must be explicitly enabled
Display article from "news" type URI in separate window (if it's not
found in current group)
Clickable References added (articles displayed in separate window)
Search for Message-ID added to the Tools menu (Keyboard shortcut
is Ctrl-s)
Previous read article (in current group) menu entry added
Keyboard shortcut for "Quit" changed from Ctrl-x to Ctrl-q (Proposed
by Marcel Logen)
Keyboard shortcut for "View source" changed from Ctrl-v to Ctrl-e
(Proposed by Marcel Logen)
Menu entry "Article->Mark as unread" (Ctrl-u) changed to toggle
between read and unread state (Proposed by Marcel Logen)
Command line option "-4" added (force usage of IPv4 network protocol)
Flowed format: The 'flowed_insert_crlf' entry in configfile adds an
empty line separator after every paragraph that ends with an empty
line. Defaults to 0 (former behaviour)
Flowed format: The behaviour of 'flowed_insert_crlf' can be requested
by the sender of an article with "InsLine=yes" in the Content-Type
headerfield.
TLS module can now use OpenSSL 3 API (required for FFDHE group
negotiation with TLSv1.2 and TLSv1.3 protocols)
TLS module can now use LibreSSL 3 (formerly major version 2 was used
to identify LibreSSL and distinguish it from OpenSSL)
TLS modules compile time option 'CFG_USE_TLS_OWNCERTS' replaced by
the new 'tls_owncerts' entry in configfile
TLS modules experimental compile time option 'CFG_USE_TLS_CRLS'
replaced by normal option 'CFG_TLS_CRLS_DISABLE'. Default is to use
no CRLs (former behaviour) because this option increases the system
requirements (to POSIX.1-2001 or XSI extension)
TLS module now supports new 'crl_check' entry in configfile (ignored
if CFG_TLS_CRLS_DISABLE is nonzero)
TLS module now prints real LibreSSL version instead of generic 2.0.0
TLS module no longer supports options 'CFG_USE_TLS_DHPARAM_CHECK' and
'CFG_USE_TLS_SETSIGALG'. They were obsoleted by the OpenSSL 1.1 API
Unicode database updated to version 12.1.0
GUI module no longer supports experimental FLTK 1.3 option
'USE_X11_GLYPH_SUBSTITUTION'. It was obsoleted by FLTK 1.4
Modified LaTeX documentation to work with recent doxygen
8.0:
Backwards incompatible changes
- Drop support for pytest version 3.10, 4.0, 4.1, 4.2 and 4.3
- Drop support for Python 3.4.
Features
- Add support for pytest version 4.4, 4.5, 4.6, 5.0, 5.1 and 5.2.
Bug fixes
- Explicitly depend on setuptools to ensure installation when working in
environments without it.
version:3.4.8
OpenCV 3.4.8 has been released. Bug fixes, optimizations and other enhancements are propagated into OpenCV 4.1.2.
version:3.4.7
OpenCV 3.4.7 has been released. Bug fixes, optimizations and other enhancements are propagated into OpenCV 4.1.1.
Changelog:
Sun 15 Dec 2019 02:12:02 PM CET
Fix send() call (affects Mac OS X). #5977 -CG/fbrault
Releasing libmicrohttpd 0.9.69. -CG
Fri 29 Nov 2019 11:22:25 PM CET
If application suspends a connection before we could send 100 CONTINUE,
give application another shot at queuing a reply before the upload begins. -CG
Change log:
### marco 1.22.4
* update translations
* Revert "compositor: fix possible crash closing/destroying window"
* theme.c: Fix window control hidpi rendering for all themes.
* theme: Render window control buttons and icons as surfaces
### marco 1.22.3
* update translations
* frames: bump priority of style providers
* window: add _GTK_THEME_VARIANT to initial window properties
* frames: apply modified hack from Mutter/Metacity
* frames: avoid infinite loop on the variants GList
* frames: use style_updated instead of style_set
* Fixed moving windows to edges to work with CSD clients.
* window: Update allowed action hints
* build: Remove rationales.txt from EXTRA_DIST target
* Fix use of RBGA visual in frame.c when compositing is not in use
* drop old and obsolete rationales.txt
* boxes: Actually check for rectangle containment
Change log:
0.3.2
-------------------------------------------------------------------------
* Fixed crash in some rare cases with unusual monitor name so it failed
to detect monitor and crashed instead.
* Fixed case with dot in monitor name.
* Some translations updates.
