Add ruby-actionview52 version 5.2.2 package.
Action View provides simple, battle-tested conventions and helpers for
building web pages.
This is for Ruby on Rails 5.2.
Changes:
8.0
---
Javascript changes confirmation and prompts use dialogs again
Bug fixes in Urlbar completion and focus handling as well as Adblock filtering
Headerbar enabled by default only under Budgie, GNOME and Patreon
Re-introduced support for `--inactivity-reset`, `-e Fullscreen` and `-e ZoomIn`
Initial support for cross-browser web extensions (not exposed in the GUI yet)
Builds deps: Glib lowered to 2.46.2, Json-Glib and libarchive are now required
Link to the bug tracker from the About dialog
Correct handling of external URIs such as apt:
Fixed installation path for appdata and plugins
Support for building Midori on Android with Gradle
Better internal distinction of errors from visiting pages
Zoom indicators in the page menu and statusbar features extension
pkgsrc changes:
- Remove patch-Source_JavaScriptCore_dfg_DFGDoesGC.cpp, it was applied in
2.22.7
Changes:
2.22.7
======
- Fix rendering of glyphs in Hebrew (and possibly other languages) when
Unicode NFC normalization is used.
- Fix several crashes and race conditions.
Changelog:
Changes with nginx 1.15.9 26 Feb 2019
*) Feature: variables support in the "ssl_certificate" and
"ssl_certificate_key" directives.
*) Feature: the "poll" method is now available on Windows when using
Windows Vista or newer.
*) Bugfix: if the "select" method was used on Windows and an error
occurred while establishing a backend connection, nginx waited for
the connection establishment timeout to expire.
*) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives
in the stream module worked incorrectly when proxying UDP datagrams.
* aggregate: Use LWPx::ParanoidAgent if available.
Previously blogspam, openid and pinger used this module if available,
but aggregate did not. This prevents server-side request forgery or
local file disclosure, and mitigates denial of service when slow
"tarpit" URLs are accessed.
(CVE-2019-9187)
* blogspam, openid, pinger: Use a HTTP proxy if configured, even if
LWPx::ParanoidAgent is installed.
Previously, only aggregate would obey proxy configuration. If a proxy
is used, the proxy (not ikiwiki) is responsible for preventing attacks
like CVE-2019-9187.
* aggregate, blogspam, openid, pinger: Do not access non-http, non-https
URLs.
Previously, these plugins would have allowed non-HTTP-based requests if
LWPx::ParanoidAgent was not installed. Preventing file URIs avoids local
file disclosure, and preventing other rarely-used URI schemes like
gopher mitigates request forgery attacks.
* aggregate, openid, pinger: Document LWPx::ParanoidAgent as strongly
recommended.
These plugins can request attacker-controlled URLs in some site
configurations.
* blogspam: Document LWPx::ParanoidAgent as desirable.
This plugin doesn't request attacker-controlled URLs, so it's
non-critical here.
* blogspam, openid, pinger: Consistently use cookiejar if configured.
Previously, these plugins would only obey this configuration if
LWPx::ParanoidAgent was not installed, but this appears to have been
unintended.
* po: Always filter .po files.
The po plugin in previous ikiwiki releases made the second and
subsequent filter call per (page, destpage) pair into a no-op,
apparently in an attempt to prevent *recursive* filtering (which as
far as we can tell can't happen anyway), with the undesired effect
of interpreting the raw .po file as page content (e.g. Markdown)
if it was inlined into the same page twice, which is apparently
something that tails.org does. Simplify this by deleting the code
that prevented repeated filtering. Thanks, intrigeri
(Closes: #911356)
Version 2.0.6:
- Updating dependency version of pylint-plugin-utils as pylint 2.3 release
was not compatible
- Improvements to tox.ini
- Add support for new load_configuration hook of pylint
- 'urlpatterns' no longer reported as an invalid constant name
uWSGI 2.0.18:
Fixed support for Python 3.7
Allow to use autoport (socket :0) with custom socket backlog
pyuwsgi ported to python3
pyuwsgi packages fixes
pyuwsginossl build configuration for building pyuwsgi without ssl support
Fix unix socket inheritance after reload on FreeBSD
Fix crashes with –wsgi-env-behavior=holy
Fix invalid free in python plugin
Fix compilation warnings with gcc-8
Fix spooler python references
Don’t generate build warnings in systemd_logger
Fix segmentation fault during worker shutdown
This includes patches for third_party/rust/libc 2.43, which requires
hack to overwrite checksum fields in .cargo-checksum.json. These will
become unnecessary if libc >= 2.45 is imported.
For aarch64,
- python locks up randomly when "make configure"; see lib/54017:
http://gnats.netbsd.org/54017
- nodejs randomly(?) crashes sometimes.
However, if you are luckly enough ;-), you will have a working binary.
Bump revision.
0.55.0
- Add response headers in WebSocketBadStatusException
- Manually assigning WebSocket-Version
- SSL socket handling fix
- Let setup.py use the same license as LICENSE file
- Ensure that "timeout" is passed down, when calling WebSocket.connect()
- Retry connect on "Interrupted system call"
Version 1.5.0:
- Add support for a Redis Sentinel Cluster.
- Parameterize the hash function so alternatives can be used.
- Include the deprecated werkzeug.contrib.cache module in Flask-Caching.
Drupal 8.6.10 (2019-02-20)
Maintenance and security release of the Drupal 8 series.
This release fixes security vulnerabilities. Sites are urged to upgrade
immediately after reading the security announcement and notes below:
* Drupal core - Remote code execution - SA-CORE-2019-003
Sites on 8.5.x or earlier should update immediately to Drupal 8.5.11 instead,
and plan to update to the latest 8.6.x release before May 2019 (when 8.7.0 is
released and 8.5.x security coverage ends).
Important update information
For site owners
* In addition to the above fix, this release includes the fix for #3031740:
Updating to 8.6.8 or 8.6.9 with Drush 8 causes data loss via
update_fix_compatibility() to prevent Drush 8 issues for sites updating
directly from an earlier security release.
* update.php must be run after updating to ensure changes from the patch take
effect.
* No changes have been made to the .htaccess, web.config, robots.txt or
default settings.php files in this release, so upgrading custom versions of
those files is not necessary if your site is already on the previous
release.
For module developers
Some contributed module tests may need to be updated if they extend core's
test suite, due to a minor API change in a test base class.
3.4.25 (7 July 2017)
* Fix a bug where * wouldn't always be eliminated during selector unification.
Deprecations -- Must Read!
* Extending compound selectors such as .a.b is deprecated. This never followed
the stated semantics of extend: elements that match the extending selector
are styled as though they matches the extended selector.
* When you write h1 {@extend .a.b}, this should mean that all h1 elements are
styled as though they match .a.b¡½that is, as though they have class="a b",
which means they'd match both .a and .b separately. But instead we extend
only selectors that contain both .a and .b, which is incorrect.
* Color arithmetic is deprecated. Channel-by-channel arithmetic doesn't
correspond closely to intuitive understandings of color. Sass's suite of
color functions are a much cleaner and more comprehensible way of
manipulating colors dynamically.
* The reference combinator, /foo/, is deprecated since it hasn't been in the
CSS specification for some time.
* The old-style :name value property syntax is deprecated. This syntax is not
widely used, and is unnecessarily different from CSS.
3.7.3 (4 January 2019)
* Emit escaped tab characters in identifiers as \9 rather than a backslash followed by a literal tab.
3.7.2 (8 November 2018)
* Fix more escaped-whitespace edge cases.
3.7.1 (7 November 2018)
* Properly handle escaped whitespace and other unusual characters.
3.7.0 (6 November 2018)
* Add support for CSS's min() and max() math functions. A min() and max() call will continue to be parsed as a Sass function if it involves any Sass-specific features like variables or function calls, but if it's valid plain CSS (optionally with interpolation) it will be emitted as plain CSS instead.
See the proposal for details.
* Add support for range-format media features like (10px < width < 100px). See the proposal for details.
* Normalize escape codes in identifiers so that, for example, «±clair and \E9clair are parsed to the same value. See the proposal for details.
Backwards Incompatibilities -- Must Read!
* Percentages passed as $alpha arguments to rgba() and hsla() are now interpreted according to the spec, and all other units are disallowed.
3.6.0 (19 September 2018)
* Add support for importing an _index.scss or _index.sass file when importing a directory.
Backwards Incompatibilities -- Must Read!
* Tokens such as #abcd that are ambiguous between ID strings and hex colors with an alpha channel are now parsed as colors.
3.5.7 (18 July 2018)
* Add a post-install message indicating that Ruby Sass is deprecated.
* Properly emit an error when an empty block is passed to a mixin that doesn't use @content.
3.5.6 (22 March 2018)
* Allow ! in custom property values.
* var() may now be passed in place of multiple arguments to rgb(), rgba(), hsl() and hsla().
* Don't crash on custom properties that aren't followed by semicolons.
* Don't crash when normalizing numbers with complex units.
* Don't crash on $x % 0.
3.5.5 (4 January 2018)
* Emit a warning when && is used, since it's probably not what the user means.
* Add a suggested replacement for extended compound selectors.
* Fix a bug where an unparseable selector produced an unuseful error.
3.5.4 (15 December 2017)
* round() now returns the correct results for negative numbers that should round down.
* Avoid thread-unsafely modifying $stderr.
3.5.3 (26 October 2017)
* Generate correct source maps for map literals.
3.5.2 (4 October 2017)
* Properly parse CSS variables that begin with interpolation (for example, --#{$foo}: ...).
3.5.1 (13 July 2017)
* Avoid conflicts with the listen gem.
3.5.0 (12 July 2017)
* Default to ten digits of numeric precision.
* Combine ids and :root when unifying selectors with @extend and selector functions.
* It's no longer an error to @extend a selector that exists in the stylesheet, but for which unification fails.
* Add a $weight parameter to invert().
* The last argument in an argument list can now have a trailing comma.
* Allow var() to be passed to rgb(), rgba(), hsl(), and hsla().
* Add support for the ::slotted() pseudo-element.
* Add support for CSS's grid template areas and named lines. We support this syntax through a new type of list called a "bracketed list". Bracketed lists can be created by wrapping a list with square brackets. For example: [this is bracketed] and [this, is, also, bracketed]. Bracketed lists will output their square brackets when used as a CSS value. Bracketed lists may be either space-separated or comma-separated. The is-bracketed() function, when passed a list will return a boolean indicating whether that list will output with brackets. The join() function now accepts a $bracketed parameter that controls whether the returned list has brackets.
* A new function content-exists() will return true when called within a mixin that was passed content for use by the @content directive.
* Passing a string to call($function-name, $args...) indicating which function to invoke is now deprecated. Instead pass a function reference returned from get-function($function-name). This allows function name resolution to be performed in the correct lexical context and then invoked in a different context. This is required so that the module-based resolver in Sass 4.0 will invoke the correct function when calling across module boundaries. Developers of frameworks that use call should not do the function lookup for callers of their framework; this is likely to result in a situation where the framework cannot resolve the function in 4.0.
* Values that can be interpreted as hex colors with alpha channels and also as ID values, such as #abcd, now emit deprecation warnings in preparation for being parsed differently Sass 3.6. They were previously parsed as strings, and in 3.6 they will be parsed as colors instead.
* Pseudo selectors that take arguments now allow any [<declaration-value>][declaration-value] production in their argument list. This will provide better forwards-compatibility for future CSS syntax.
* Pseudo selectors that take selectors as arguments will no longer always be eliminated if they contain placeholder selectors that aren't extended. Instead, they'll be reduced to valid CSS selectors if possible.
* Generated transparent colors will now be emitted as rgba(0, 0, 0, 0) rather than transparent. This works around a bug wherein IE incorrectly handles the latter format.
* The indented syntax now allows different indentation to be used for different lines, as long as they define a consistent tree structure.
Backwards Incompatibilities -- Must Read!
* The way CSS variables are handled has changed to better correspond to the CSS spec. They no longer allow arbitrary SassScript in their values; instead, almost all text in the property values will be passed through unchanged to CSS. The only exception is #{}, which will inject a SassScript value as before.
Add ruby-sass-rails package version 5.0.7 which covers Ruby on Rails 4.2
and later.
Sass adapter for the Rails asset pipeline.
This gem provides official integration for Ruby on Rails projects with the
Sass stylesheet language.
This fork of guard/listen provides a stable API for users of the ruby Sass CLI.
Listen
The Listen gem listens to file modifications and notifies you about the changes.
Features
* OS-optimized adapters on MRI for Mac OS X 10.6+, Linux, \*BSD and Windows,
[more info](#listen-adapters) below.
* Detects file modification, addition and removal.
* You can watch multiple directories.
* Regexp-patterns for ignoring paths for more accuracy and speed
* Increased change detection accuracy on OS X HFS and VFAT volumes.
* Tested on MRI Ruby environments (2.0+ only) via
[Travis CI](https://travis-ci.org/guard/listen).
Note explicit dependency on libwebp >= 1.0.1. (libwebp itself doesn't
merit a general bump in its buildlink3.mk file, since according to its
change log, there are no incompatibilities added.) No PKGREVISION bump,
since either this previously built with the newer version of libwebp in
the current pkgsrc tree, or it failed to meet the dependency.
Subject: [PATCH] Fix DFG doesGC() for CompareEq/Less/LessEq/Greater/GreaterEq
and CompareStrictEq nodes. https://bugs.webkit.org/show_bug.cgi?id=194800
<rdar://problem/48183773>
Reviewed by Yusuke Suzuki.
Fix doesGC() for the following nodes:
CompareEq:
CompareLess:
CompareLessEq:
CompareGreater:
CompareGreaterEq:
CompareStrictEq:
Only return false (i.e. does not GC) for child node use kinds that have
been vetted to not do anything that can GC. For all other use kinds
(including StringUse and BigIntUse), we return true (i.e. does GC).
* dfg/DFGDoesGC.cpp:
(JSC::DFG::doesGC):
This was published alongside with exploit code claiming it is remote
code execution, but I don't understand what the exploit is doing.
bump PKGREVISION
Changelog:
15.0.4
Changes
Make external storages browsable again in the web UI (server#14076)
15.0.3
Changes
Upload new files in objectstore to a .part path first (server#13036)
Broker: add timezone to CANCEL messages (server#13384)
Add strengthify.min files (server#13546)
Fix click app names (server#13575)
Principals can be principal/user/ or principal/ from lega… (server#13582)
Correctly handle displaynames returned from the sharee API (server#13585)
Don't close input stream when writing in encrypted file (server#13588)
Bump pear/archive_tar to 1.4.5 (server#13598)
Fix integer background job id type error (server#13609)
Fix user settings label translation (server#13611)
Fix app navigation flickering on hover (server#13625)
Update URL for federation (server#13636)
Fix colorizeSvg with transformations that contain a comma (,) (server#13653)
Use warning background color & primary text color for setting warnings (server#13665)
Fix template paramter (server#13670)
Cache tokens when using swift's v2 authentication (server#13740)
Cleanup shared lock if changing to exclusive lock failed (server#13744)
Honor remember_login_cookie_lifetime (server#13758)
Fix integration of social sharing into the link popover menu (server#13761)
Respect user locale in natural sort comparator (server#13762)
Call proper function when fetching link shares in the breadcrumb view (server#13769)
Add acceptance tests for moving and copying files (server#13771)
Show proper default locale (server#13781)
Ignore non existing users when retrieving details of group members (server#13792)
Remove .css fileending from accessibility user css route (server#13793)
Add icon to restore activity (server#13794)
Fix long comment in dark theme (server#13804)
Bump bower from 1.8.4 to 1.8.8 in /build (server#13821)
Fix for high contrast theme (server#13852)
Always use multipart uploader for s3 uploads (server#13882)
Fix paged search with multiple bases (LDAP) (server#13884)
Fix dropping a folder on a folder row (server#13887)
Fix updating the password of a link share when passwords are enforced (server#13900)
Add fallback for trashbin original location (server#13904)
Allow shared versions again in legacy backend (server#13905)
Improve data directory write checking for NFS mounts (server#13906)
Clean pending 2FA authentication on password reset (server#13915)
Forward error message from password policy (server#13918)
Remove warning in case of external storage error (server#13920)
Handle mail send error gracefully (server#13930)
Bump pear/archive_tar from 1.4.3 to 1.4.5 (3rdparty#214)
Move to SCSS and fix app icon for dark theme (activity#338)
Fill screen in fullscreen mode for public videos. Fixes#77 (files_videoplayer#79)
Use target="_blank" and rel="noreferrer noopener" (firstrunwizard#105)
Fix notification documentation to reflect recent changes (notifications#258)
Changelog:
Enhancements
Templates
Adjust tests ddc6d4e3 @bep #5643
Prevent getJSON and getCSV fetch failure from aborting build 6a2bfcbe @anthonyfok #5643
Core
Expand TestPageWithEmoji to cover '+', '-' and '_' too 2a9060a8 @anthonyfok #5635
Restore 0.48 slash handling in taxonomies 40ffb048 @bep #5571
Other
Use official semver even for main releases fab41f42 @bep #5639
Add test for --configDir 59d87044 @bep #5662
Ignore unknown config files in config dir 3244cb3b @bep #5646
Store supported config formats in a variable d9282cf9 @tryzniak
Bump to Go 1.11.5 8ed2a1ca @bep #5654
Update Afero e8596139 @bep #5650
Accept hyphen and plus sign in emoji detection 3038464e @anthonyfok #5635
Support numeric sort in ByParam 26f75edb @tryzniak #5305
Make hugo server -t work again db3c49d0 @tryzniak #5569#5061#4868
Add configFile(s) back to the watch list after RENAME event too e3cb8e6c @anthonyfok #5205
Remove historical rssURI config 55251aa8 @mywaiting
Use subtests with server_test.go 843fcd19 @tryzniak
Move resource interfaces into its own package ce8a09a4 @bep
Move resource processors into sub-packages 669ada43 @bep
Update _index.md 50745122 @vrMarc
Update go.sum 0584432b @bep
Update Chroma cc351958 @bep #4993
Make docshelper run again c24f3ae2 @bep #5568
Fixes
Templates
Fix reflect 9e4f9e0b @moorereason #5564
Other
Fix some inline shortcode issues c52045bb @bep #5645#5653
Fix OpenGraph image fallback to site params 526b5b1c @statik
Fix Params case handling in the new site global e1a66c73 @bep #5615
cache/namedmemcache: Fix data race 3f3187de @bep
Changelog:
Fixed
Fixed accidental requests to addons.mozilla.org when an addon recommendation doorhanger is shown (bug 1526387)
Improved playback of interactive Netflix videos (bug 1524500)
Fixed color management not working on macOS (bug 1506495)
Fixed incorrect sizing of the "Clear Recent History" window in some situations (bug 1523696)
Fixed audio & video delays while making WebRTC calls (bug 1521577 & bug 1523817)
Fixed video sizing problems during some WebRTC calls (bug 1520200)
Fixed looping CONNECT requests when using WebSockets over HTTP/2 from behind a proxy server (bug 1523427)
Fixed the "Enter" key not working on password entry fields for certain Linux distributions (bug 1523635)
Various stability and security fixes.
Security fixes:
#CVE-2018-18356: Use-after-free in Skia
#CVE-2019-5785: Integer overflow in Skia
#CVE-2018-18511: Cross-origin theft of images with ImageBitmapRenderingContext
1.8.0
NEW: Add custom selector support.
FIX: Small tweak to CSS identifier pattern to ensure it matches the CSS specification exactly. Specifically, you can't have an identifier of only -.
FIX: CSS string patterns should allow escaping newlines to span strings across multiple lines.
FIX: Newline regular expression for CSS newlines should treat \r\n as a single character, especially in cases such as string escapes: \\\r\n.
FIX: Allow -- as a valid identifier or identifier start.
FIX: Bad CSS syntax now raises a SelectorSyntaxError, which is still currently derived from SyntaxError, but will most likely be derived from Exception in the future.
v1.0.0:
Update included self-signed cert to include IP address in SAN. Full version bump because this could be a breaking change for those depending on the certificate missing the IP address in the SAN (as it seems the requests test suite does)
Only use @pytest.fixture decorator once
Fix a few README typos
