Update ruby-actionview60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
lilv (0.24.8) stable;
* Allow passing strings for URIs in Python API when unambiguous
* Fix cases where incorrect translation is used
* Fix deleting state bundles loaded from the model
* Fix memory leak when dyn-manifest has no plugins (thanks Michael Fisher)
* Implement state:freePath feature
Update ruby-activesupport60 to 6.0.3.1.
## Rails 6.0.3.1 (May 18, 2020) ##
* [CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore
* [CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore
Small and dependency free Python package to infer file type and MIME type
checking the magic numbers signature of a file or buffer.
This is a Python port from filetype Go package.
Changelog
=========
3.2.0 2020-05-11
Support for pkg-config with option "--enable-pc-files" added
(Default behaviour is unchanged). This option installs the
pkg-config file "libcanlock-3.pc". The standard option
"--with-pkgconfigdir" can be used to specify the target directory
Shared library no longer exports internal symbols, if possible
(using #pragma GCC visibility). Library API and ABI are fully
compatible if no undocumented functions are used.
Build system: Distributed autotools files updated
libspectre 0.2.9 (06 May 2020)
===============================
This is another bugfix only release in the libspectre's 0.2 series.
Fixed lots of crashes, memory leaks with malformed
documents (Albert Astals Cid, Randy)
Ghostscript 9.24 is now required (Christian Persch)
Hide internal symbols (Christian Persch)
Added "(libspectre)" to the error messages to be clear where the
messages come from (Caolán McNamara)
Fixed clang warnings (Albert Astals Cid)
Update ruby-activestorage52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8162] Include Content-Length in signature for ActiveStorage direct upload
Update ruby-actionpack52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8166] HMAC raw CSRF token before masking it, so it cannot be used to reconstruct a per-form token
* [CVE-2020-8164] Return self when calling #each, #each_pair, and #each_value instead of the raw @parameters hash
Update ruby-actionview52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8167] Check that request is same-origin prior to including CSRF token in XHRs
Update ruby-activesupport52 to 5.2.4.3.
## Rails 5.2.4.3 (May 18, 2020) ##
* [CVE-2020-8165] Deprecate Marshal.load on raw cache read in RedisCacheStore
* [CVE-2020-8165] Avoid Marshal.load on raw cache value in MemCacheStore
Version 3.0.8 is a patch release.
This release is binary and source compatible with version 3.0.0.
Note that the libical-glib library is considered unstable; therefore not binary compatible with previous releases
ReleaseNotes:
- Fix for icalattach_new_from_data() and the 'free_fn' argument
- Fix if recurrencetype contains both COUNT and UNTIL (only output UNTIL in the RRULE)
R59b is a must-have bugfix upgrade for R59 (not R58):
[tg] Handle other tmux $TERM types, pointed out by multi via IRC
[tg] Fix typo in FAQ
[tg] y='a\*b'; [[ $x = $y ]] regression (Martijn Dekker) fix
[l0kod] Defuse CLIP OS O_MAYEXEC support (cf. LWN)
[tg] Make set +o output a command to restore the currently set and (new!) cleared options, keep a reset state per session (experimental)
[tg] Correct documentation and code regarding to argv[0] parsing: first ‘-’ for login shells, then ‘r’ case-insensitively for restricted shell, then “sh”*, again case-insensitively, for BINSH_* modes; add tests
[tg] On OS/2, allow case-insensitive name for direct builtin call
[tg] Always skip startup files if direct builtin call
[tg] Avoid some sometimes-redundant startup codepaths
R59 has some major fixes, also introducing breaking changes:
[tg] Repair out-of-tree builds (noticed by rsc)
[tg] Work around a glibc on Hurd issue in testsuite
[komh] OS/2 filesystem mtime granularity is two seconds (as in FAT)
[tg] Replace while with goto: Coverity was confused
[tg] Fix invocation of some builtins when external utility absent
[komh] Improve automatic executable suffix for test builtin
[tg] Style code, refactor, clean up, optimise
[tg] Use cached egid in test builtin
[tg] Make bind builtin output reentry-safe; safety fixes
[tg] If basename(argv[0]) after leading dash removal begins with an ‘r’ enable restricted shell flag; reported by pmjdebruijn via IRC
[tg] Fix code example in manpage for how tab completion escapes
[tg] Match full extglob pattern RHS of [[ string comparison like ksh93
[tg] Implement which with -a in dot.mkshrc
[tg] Remove global builtin (use typeset -g)
[tg] alias, command, whence: Print alias names quoted
[tg] Implement a new quote-region (Esc+Q) editing command
[tg] Document all built-in aliases (requested by msiism via IRC) and those aliases and functions shipped in dot.mkshrc; completely overhaul builtin and reserved word documentation, for consistency
[tg] The manual page now features properly spaced em dashes ☻
[tg] Document that test x = y doesn’t extglob, only [[ x = y ]] does
R58 contains a lot of fixes and improvements:
[lintian] hyphen-used-as-minus-sign (on jessie, not later, ‽‽‽)
[tg] Fix system info gcc dump{machine,version} shell escaping level
[tg] Document KSH_VERSIONNAME_VENDOR_EXT in Build.sh
[tg] Be more explicit about the LTO bug exposed by check.t
[Todd C. Miller] Add -x (file locks) and AIX-specific -r ulimits
[tg] Handle Midipix as test environment and fix some warnings
[tg] Fix some Build.sh issues as Mirtoconf is now used by MirCPIO and MagicPoint
[komh] Improve CRLF to LF conversion
[komh] Ensure ECHO mode is enabled at startup so read has local echo
[komh] Let check.pl retain the PERLIO env variable
[komh] Unbreak nounset-1 test on systems with drive letters
[komh, tg] Make ulimit-3 test work without |& (that is, incomplete ports, i.e. those with -DMKSH_NOPROSPECTOFWORK)
[tg] Disable xxx-stat-1 test for now, fails when run as root
[tg] Drop Build.sh flags -c combine, -c lto
[Martijn Dekker] Exit 126 on execve(2) failure, not 1 (e.g. E2BIG)
[tg] Behave set and export/readonly-on-read-only-variables when run with command and command dot, bugreports by Martijn Dekker
[tg] dot.mkshrc: simplify; enhance (un)setting locale example
[tg, selk] Catch build errors earlier
[tg] Add -fno-lto (if GCC is detected) to CFLAGS and LDFLAGS
[tg] Limit HISTSIZE to 65535, as long pre-announced
[tg] Unbreak testsuite selftest-tty-absent for lksh
[tg] Begin work on support for neatcc (needs neatcc to evolve first)
[tg] Fix possibly not enough aligned access in struct job
[tg] Support going full setugid by running “set -p” once interactive
[tg] Document another (arcane, almost nowhere needed) definition
[tg] Improve code legibility and testsuite reliability and maintenance
[tg] Speed up trivial += cases (LP#1855167)
[tg] Some further code and memory optimisation and test coverage
[tg] Document that += is always string append (LP#1857702)
[tg] Fix “set -e appears active within eval but isn’t” reported by Martijn Dekker and another bug related to using set ±e inside eval
[tg] Handle parameter assignment in front of invocations of POSIX-style functions like ksh-style ones and external utilities; cf. Debian #935115
[tg] Fix bad memory access for invalid syntax (LP#1857828, LP#1857826)
[Brian Callahan] Update MALLOC_OPTIONS-using testcase for newer OpenBSD
[tg] Support lacc as compiler (just detecting, no change), thanks Brian
[tg] Share __IDSTRING with jupp
[tg] Update string comparison/pattern documentation
[tg, veedeeh] Document vi command line editing mode state better
[tg] Add FAQ2HTML.sh to convert mksh.faq to local valid XHTML+CSS
[tg] Correct backslash expansion documentation; caveat re. 16-bit UCS
[tg] Fix extra empty field on IFS-NWS trim expansion (Martijn Dekker)
[tg] Improve code performance, quality, robustness and correctness
[tg] Allow ${x:n} where n is an identifier (veedeeh)
[tg] Permit ‘+’ in alias names, but not leading (Aleksey Cheusov)
[tg] Fix here strings for $@ (LP#1857195), reported by jvdh
[multiplexd] Add vi mode PgDn, similar to PgUp doing history search
[tg] Build.sh fixup unreliable test -n/-z
[multiplexd] Correct documentation of vi mode @c
[tg] Update to UCD 13.0.0
[tg] Use nanoseconds in test -nt / -ot (LP#1855325)
Sollya is a tool environment and a library for safe floating-point
code development, particularly targeted at automated implementation
of math libraries like libm.
Derived from wip/sollya.
