In all cases they were trying to use variables that aren't used in the build
process, the sqlite include paths had typos, and sqlite3 was trying to use
sqlite2's buildlink3.mk
Version 4.3.1:
* Allow fabfile to be importable when building docs
* Remove top-level __init__.py from new projects.
* Fix HTML escaping.
Version 4.3.0:
* Added explicit on_delete arguments for all ForeignKey models
* Only generate thumbnails in RichText when absolute width/height used.
* Removed null attribute from slug CharField
* Converted all template.render calls to pass a dict instead of a Context object
* Fixed MezzanineBackend.authenticate backend to accept a request argument, added in Django 1.11
* Fixed test_multiple_comment_forms to be agnostic of the order of HTML attributes
* Altered annotation behaviour of search results. Previously this was done implicitly in the SearchQuerySet.iterator() method,. which Django would call internally when evaluating the queryset. Django 1.11 changed its behaviour to use a ModelIterator class instead of. just calling iterator() on the queryset. Rather than suppy a custom. ModelIterator, we just make the annotate explicit
* Updated setup and test configuration to include Django 1.11
* password reset: 'http' -> request.schema. This fixes a potential security vulnerability in which the password. reset url is exposed to untrusted intermediary nodes in the network.
* Add explicit on_delete arguments to foreign keys in migrations
* Use TextField for Field.label and Field.help_text. Now length limits for user-defined labels and help_texts are enforced in the admin instead of the DB, which should prevent any further migrations
* Get rid of max_length settings for mezzanine.forms
* Timezone aware blog months.
* Test and simplify blog_months
* Weigh search results by age. Weigh search results by their age by default. Add a new setting,. SEARCH_AGE_SCALE_FACTOR, controlling how much emphasis to put on the. age when ranking results (set this to 0 to revert to the old behavior)
* Split dev and prod ALLOWED_HOSTS. Django started checking ALLOWED_HOSTS when DEBUG=True a few releases back.
* Update docs related to ALLOWED_HOSTS
* Fix the old url parsing in import wordpress
* Use Django's six module
* Don't warn Mezzanine about itself
* Looser check for LocalMiddleware.
* Modified the blog homepage pattern to a working version. Added import it requires
* Remove explicit show_banner argument from inner_run. This broke --noreload for me.
* Handle MIDDLEWARE_CLASSES -> MIDDLEWARE
* Don't use lazy static loading when Django's ManifestStaticFilesStorage is configured.
* Link to Pillow docs for dependencies
* Adding new site to site list. Adding "The National: New Australian Art" to the site list. https://the-national.com.au
* Doesn't convert JPG/JPEG images to RGBA.
* Remove all device-detection features
* Remove mentions of device handling from docs
* Use template loaders instead of middlware for host-based template swapping
* Add docs on upgrading from TemplateForHostMiddleware
* Create __init__.py so Python can find directory
* Properly parse positional args. As demonstrated by using call_command, the positional args not. processed. This may be a left-over from optarg migration. Usage property is no longer necessary
* Fix build fail while in here
* Added more tests por pages
* Update page_not_found view args.
* Rename Displayable is_public to published
* Test Nginx config before restarting. This way the configuration won't be updated if it's broken, and you also get an error message in the terminal explaining why it's broken (instead of just telling you to check service status/journal)
* Enable browser-native spell checking in WYSIWYG tinymce editor, which got wiped in 82339b0 . Previously introduced in 86f6ef6
* Fixing the support for external links which are moved to child categories in the menu hierarchy
* Update LOGOUT_URL to make use of ACCOUNT_URL
* Ensure template vars for form defaults are properly escaped
* Fix drag-n-drop for Form field inlines. Inherit from DynamicInlineAdminForm to inject the necessary JS files
* Fix failing tests that assume threadlocals have been set up
* Pulled out middleware present check into its own function. And fixed Python 3 compat
* Made all middleware installation checking consistent. All check by string first, and then for classes and subclasses,. correctly ignoring things that aren't classes
* Fix failing tests that assume threadlocals have been set up
* Fix keywords widget for Django 1.11.
* Fix sense of SITE_PERMISSION_MIDDLEWARE check. Issue introduced by commit 00f4a63c
* Fix sense of other check for SITE_PERMISSION_MIDDLEWARE. Issue introduced by commit 00f4a63
* Added basic tests for TemplateSettings. The tests follow the existing functionality
* Gave TemplateSettings a useful __repr__. Previously it just returned '{}' always, from super()s empty dict
* Don't emit warning when doing force_text(TestSettings()). This is to fix the behaviour of getting lots of instances of: UserWarning: __unicode__ is not in TEMPLATE_ACCESSIBLE_SETTINGS. if you have django-debug-tool installed
* Prevent changes to FORMS_EXTRA_FIELDS setting creating new migrations
* Support access to related model on Django 2+
* Fix safe string handling in richtext filters
* Fix some test warnings
* Add deprecation handling for mark_safe as decorator
* Fix SplitSelectDateTimeWidget which Django 1.9 broke.
* Fix usage of request.scheme in password reset email
* Make thumbnail tag recognize .PNG and .GIF. Files with the upper case extensions .PNG and .GIF are now recognized by. the thumbnail template tag as being PNG- and GIF images, respectively,. instead of being treated as JPEG images
* Added gcc and rsync for the full deployment on the freshly installed Debian (eg. on OVH)
* Support SelectDateWidget in django 1.8 and django 2.x
* Narrow exception handling to ImportError only
Version 3.0.2:
Bug fixes
Merge Characters tokens after sanitizing them. This fixes issues in the
LinkifyFilter where it was only linkifying parts of urls.
Version 3.0.1:
Features
Support Python 3.7. It supported Python 3.7 just fine, but we added 3.7 to
the list of Python environments we test so this is now officially supported.
Bug fixes
Fix list object has no attribute lower in clean.
Fix abbr getting escaped in linkify.
Version 3.0.0:
Backwards incompatible changes
A bunch of functions were moved from one module to another.
These were moved from bleach.sanitizer to bleach.html5lib_shim:
convert_entity
convert_entities
match_entity
next_possible_entity
BleachHTMLSerializer
BleachHTMLTokenizer
BleachHTMLParser
These functions and classes weren't documented and aren't part of the
public API, but people read code and might be using them so we're
considering it an incompatible API change.
If you're using them, you'll need to update your code.
Features
Bleach no longer depends on html5lib. html5lib==1.0.1 is now vendored into
Bleach. You can remove it from your requirements file if none of your other
requirements require html5lib.
This means Bleach will now work fine with other libraries that depend on
html5lib regardless of what version of html5lib they require.
Bug fixes
Fixed tags getting added when using clean or linkify. This was a
long-standing regression from the Bleach 2.0 rewrite.
Fixed <isindex> getting replaced with a string. Now it gets escaped or
stripped depending on whether it's in the allowed tags or not.
0.4.0:
Fix2: reset LIGHT_EX colors with RESET_ALL.
Fix: ignore invalid "erase" ANSI codes.
Fix stream wrapping under PyCharm.
Added contextlib magic methods to ansitowin32.StreamWrapper.
Fix: don't cache stdio handles, since they might be closed/changed by fd redirection. This fixes an issue with pytest.
Drop support for EOL Python 2.5, 2.6, 3.1, 3.2 and 3.3, and add 3.6.
0.3.7 release
* Fix processing of http-equiv meta tags incorrectly lower casing the content
* Fix error when a textbox contained within a form contains unicode characters
3.80.0:
Since :ref:version 3.68.0 <v3.68.0>, :func:~hypothesis.extra.numpy.arrays checks that values drawn from the elements and fill strategies can be safely cast to the dtype of the array, and emits a warning otherwise.
This release expands the checks to cover overflow for finite complex64 elements and string truncation caused by too-long elements or trailing null characters (:issue:1591).
3.79.4:
Tests using :func:@given <hypothesis.given> now shrink errors raised from :pypi:pytest helper functions, instead of reporting the first example found.
This was previously fixed in :ref:version 3.56.0 <v3.56.0>, but only for stateful testing.
3.79.3:
Traceback elision is now disabled on Python 2, to avoid an import-time :class:python:SyntaxError under Python < 2.7.9 (Python: :bpo:21591, :ref:Hypothesis 3.79.2 <v3.79.2>: :issue:1648).
We encourage all users to upgrade to Python 3 before the end of 2019.
3.79.2:
This patch shortens tracebacks from Hypothesis, so you can see exactly happened in your code without having to skip over irrelevant details about our internals (:issue:848).
In the example test (see :pull:1582), this reduces tracebacks from nine frames to just three - and for a test with multiple errors, from seven frames per error to just one!
If you do want to see the internal details, you can disable frame elision by setting :obj:~hypothesis.settings.verbosity to debug.
3.79.1:
The abstract number classes :class:~python:numbers.Number, :class:~python:numbers.Complex, :class:~python:numbers.Real, :class:~python:numbers.Rational, and :class:~python:numbers.Integral are now supported by the :func:~hypothesis.strategies.from_type strategy. Previously, you would have to use :func:~hypothesis.strategies.register_type_strategy before they could be resolved (:issue:1636)
3.79.0:
This release adds a CLI flag for verbosity --hypothesis-verbosity to the Hypothesis pytest plugin, applied after loading the profile specified by --hypothesis-profile. Valid options are the names of verbosity settings, quiet, normal, verbose or debug.
The pytest header now correctly reports the current profile if --hypothesis-profile has been used.
GITHUB_PROJECT by default is already PKGBASE, no need to reinitialize it.
Reuse PKGVERSION_NOREV for GITHUB_TAG.
Remove commented out WRKSRC while here.
From 681748ec2f5ce88da5f9fa6831e1653e46af8a66 Mon Sep 17 00:00:00 2001
From: Even Rouault <even.rouault@spatialys.com>
Date: Sun, 14 Oct 2018 16:38:29 +0200
Subject: [PATCH 1/1] JBIG: fix potential out-of-bounds write in JBIGDecode()
JBIGDecode doesn't check if the user provided buffer is large enough
to store the JBIG decoded image, which can potentially cause out-of-bounds
write in the buffer.
This issue was reported and analyzed by Thomas Dullien.
Also fixes a (harmless) potential use of uninitialized memory when
tif->tif_rawsize > tif->tif_rawcc
And in case libtiff is compiled with CHUNKY_STRIP_READ_SUPPORT, make sure
that whole strip data is provided to JBIGDecode()
The last part (CHUNKY_STRIP_READ_SUPPORT) was adapted by myself to fit
the libtiff release.
Bump PKGREVISION.
Matthieu Herrb (2):
Disable -logfile and -modulepath when running with elevated privileges
LogFilePrep: add a comment to the unsafe format string.
Peter Hutterer (1):
xfree86: fix readlink call
On NetBSD there is no <sys/sysinfo.h> but we can use hw.usermem64.
This should address WebKitGTK+ support for NetBSD ports where
USE_SYSTEM_MALLOC is by default OFF.
Side-note: on NetBSD/amd64 -current when building with -DUSE_SYSTEM_MALLOC=ON
both SunSpider and JetStream benchmarks shows a very little performance penalty,
so also remove the `-DUSE_SYSTEM_MALLOC=ON' commented out CMAKE_ARGS (i.e. when
possible just use the preferred malloc).
SALT 2018.3.3
CVE-2018-15751 Remote command execution and incorrect access control when using salt-api.
CVE-2018-15750 Directory traversal vulnerability when using salt-api. Allows an attacker to determine what files exist on a server when querying /run or /events.
Improves timezone detection by using the pytz module.
The tojson filter (from Jinja 2.9 and later) has been ported to Salt, and will be used when this filter is not available. This allows older LTS releases such as CentOS 7 and Ubuntu 14.04 to use this filter.
While it is debatable whether we want to have this definition upstream,
this is very necessary in the package for the purpose of building
www/firefox once it is updated to 63.0.
This is because netbsd's base libstdc++ has some __float128 in headers
and otherwise we get fatal errors in clang builds, or in firefox's case,
when generating bindings for Rust via clang.
PR toolchain/53679
Bump PKGREVISION.
pkgsrc changes:
- Bump GCC_REQD to 6 (now gcc 6.0.0 or newer is needed)
- Add NetBSD support for JavaScript JIT on x86_64, i386, arm,
aarch64 and mips
- Add WebKitWebProcess and jsc to NOT_PAX_MPROTECT_SAFE.
At least on NetBSD/amd64, running SunSpider 1.0.2 JavaScript Benchmark
(<https://webkit.org/perf/sunspider/sunspider.html>) with MiniBrowser
before `paxctl +m'-ing them needed:
Total: 1006.9ms +/- 0.7%
...while after `paxctl +m'-ing them:
Total: 322.3ms +/- 3.0%
(Probably EACCESS due PaX MPROTECT are handled gracefully and
silently instead of failing hard at runtime.)
Please also note that webkit-gtk browsers should not need any
NOT_PAX_MPROTECT_SAFE because WebKitWebProcess is used and already
have that.
- Improve handling of `webkit-jit' by introducing a
WEBKIT_JIT_MACHINE_PLATFORMS list that contain all MACHINE_PLATFORMs
triplets that have `webkit-jit' option as suggested one.
- Always use OS(...) and BOS(...) macros instead of __Os__ macros for
consistency with webkit code.
- Add definition for BOS(SOLARIS) and OS(SOLARIS) and add it to the
OS(UNIX) OSes list.
- Limit patch-Source_JavaScriptCore_jit_ExecutableAllocator.cpp to
OpenBSD. It is no longer present in FreeBSD ports and it is not
problematic in NetBSD.
- Remove no longer needed patch-Source_WTF_wtf_ThreadSpecific.h:
NetBSD 5.x was already part of NOT_FOR_PLATFORM.
- Sync patch-CMakeLists.txt with FreeBSD ports.
Please note that this also removes WTF_CPU_SPARC64 definition that was
unused.
- madvise(2) on {Free,DragonFly,Net,Open}BSD supports MADV_FREE and
MADV_DONTNEED flags. Define the corresponding HAVE_* via
patch-Source_WTF_wtf_Platform.h.
- Use globbing for REPLACE_{PERL,PYTHON} where possible.
Changes:
WebKitGTK+ 2.22.2
=================
- Several fixes for video playback with media source extensions (MSE).
This allows using WebM support for YouTube, which no longer works through
regular video source. Note that MSE is still disabled by default and
webkit_settings_set_enable_mediasource() has to be used to enable the
feature.
- Fix the build when only Wayland support is enabled and X11 headers are
not available.
WebKitGTK+ 2.22.1
=================
- Fix printing in landscape.
- Fix the build in several platforms: s390x, ppc64le, armv7hl.
- Fix the build with a11y disabled.
- Fix the build with video disabled.
- Fix several crashes and rendering issues.
WebKitGTK+ 2.22.0
==================
- Add warn_unused_result attribute to some JavaScriptCore GLib APIs.
- Make pinch to zoom scale the page without changing the layout.
- Fix the build in mips64.
