PR: 271967
ChangeLog: https://github.com/orhun/rustypaste/releases/tag/v0.10.1
* Added:
* Add a middleware for checking the content length:
- Before, the upload size was checked after full upload which was clearly wrong.
- With this change, total amount of bytes to upload is checked via Content-Length
header before the upload.
* Changed:
* Bump Shuttle to 0.18.0
* Bump hotwatch to 0.5.0
- Fixes RUSTSEC-2020-0016
* Fixed:
* Do not drop the config watcher
- Since 0.9.0, the configuration watcher was dropped early which
caused for it to not work and resulted in mysterious spikes in CPU
usage.
- With this version, this issue is fixed.
depends-list.sh fails in two ways: one is a simple quoting bug which
causes empty FLAVOR variables to be propagated; the other is that
de-duplication is being done without regard for flavors.
The upshot of these is that where a port depends on a specific flavor
(first bug) or on multiple flavors (second bug, usually caused by build
dependencies) of another port, the constructed dependency list is
incomplete, and so -recursive targets do not do all the required work.
(This is especially annoying for fetch-recursive.)
Reviewed by: portmgr@FreeBSD.org
PR: 269982
Differential Revision: https://reviews.freebsd.org/D40491
When I created the port, I forgot to put the binary into the plist.
We got a package with license and documentation but no binary.
Pointy hat to: cperciva
From the announcement:
This is an urgent bugfix release that fixes a serious regression in
pathname expansion, see: https://github.com/ksh93/ksh/issues/660
The previous 1.0.5 release is withdrawn and should not be used.
Main changes between 1.0.5 and 1.0.6:
- Fixed a serious regression in pathname expansion where quoted wildcard
characters were incorrectly expanded if a pattern contains both a brace
expansion and a variable expansion.
- Fixed a bug where the command to launch a full-screen editor (^X^E in
emacs and 'v' in vi) could cause the wrong command line to be edited
if two shell sessions share a .sh_history file.
1.0.5 had a large amount of bugfixes compared to 93u+m/1.0.4. In summary:
- Fixed various bugs causing crashes.
- Fixed many bugs in the emacs and vi line editors, in command completion,
and in file name completion.
- Fixed various bugs in the handling of quotes, backslash escapes and braces
when processing shell glob patterns (e.g. in pathname expansion and
'case').
- ksh now throws a panic and exits if a read error (such as an I/O error)
occurs while trying to read the next command(s) from a running script.
- Fixed many bugs in 'printf' and 'print -f' built-in commands, including:
. Multiple bugs causing incorrect output for relative date
specifications,
e.g., printf %T\\n 'exactly 20 months ago' now outputs a correct
result.
. More printf bugs with mix and match of % and %x$.
. A data corruption bug when using %B with 'printf -v varname'.
. A bug causing double evaluation of arithmetic expressions.
- Fixed a bug where 'unset -f commandname', executed in a subshell, hides
any built-in command by the same name for the duration of that subshell.
- Fixed ${var/#/string} and ${var/%/string} (with anchored empty pattern)
to work as on mksh, bash and zsh; these are no longer ineffective.
- Fixed incorrect result of array slicing ${array[@]:offset:length} where
'length' is a nested expansion involving an array.
- Command names can now end in ':' as they can on other shells.
- Fixed a spurious syntax error in compound assignments upon encountering a
pair of repeated opening parentheses '(('.
- Fixed spurious syntax error in ${parameter:offset:length}: the arithmetic
expressions 'offset' and 'length' may now contain the operators ( ) & |.
- Fixed a parsing bug in the declaration of .sh.math.* arithmetic functions.
- Fixed nameref self-reference loop detection for more than two namerefs.
- Several improvements to the POSIX compatibility mode.
- Many more minor and/or esoteric bugfixes.
<Changelog>
*) Feature: the "http2" directive, which enables HTTP/2 on a per-server
basis; the "http2" parameter of the "listen" directive is now
deprecated.
*) Change: HTTP/2 server push support has been removed.
*) Change: the deprecated "ssl" directive is not supported anymore.
*) Bugfix: in HTTP/3 when using OpenSSL.
</Changelog>
ChangeLog: https://lalescu.ro/liviu/fet/news.html
* Updated to Qt 6.5.1.
* Corrected a few English fields.
* Updated the Italian translation.
* Updated the Greek translation.
While here, pet linters.
PR: 271950
Reported by: uzsolt@uzsolt.hu (maintainer)
ChangeLog: http://download.igniterealtime.org/openfire/docs/4.7.5/changelog.html
Improvement
* Admin console CSS tweaks
* Validate JIDs that are sent by remote servers
* Apply nodeprep on S2S stanza addresses
* Do not default to Chinese locale
* Name threads
* Plugins should have updated SCM references
Task
* Ensure that MUC Room names are nodeprepped
* Update dependency-check to 8.1.2
* Update commons-fileupload to 1.5
* Update mysql-connector from 8.0.28 to 8.0.32
* Update twelvemonkeys imageio-core from 3.5 to 3.7.1 or higher
* Update SQL Server JDBC driver from 7.4.1 to 9.4.1
* Remove protobuf-java from mysql-connector-j
Story
* Update postgresql to 42.4.1
Sub-task
* Improve detection of path traversal
* Add config option for using wildcards in AuthCheckFilter
* Remove wildcard usage in AuthCheckFilter
* Avoid having setup-specific auth-excludes after install
Bug
* Overzealous deletion of child properties
* pubsub should always deliver payloads when items are retrieved.
* Fallback of verifyCertificateValidity for connection listener uses
incorrect setting
* Text formatting error in registration settings
* Fix failing aioxmpp tests
* CVE-2023-32315 Admin Console Auth Bypass
PR: 271922
Reported by: nikita@druba.su (maintainer)
