- switch node_modules tarball to vendor.tar.xz 
- minor cleanup of the spec file

• Files Changed
• Browse Source

fix it, baby

• Files Changed
• Browse Source

- refreshed patches:
  + etherpad-lite_abiword_missing_AbiCommand.patch
  + etherpad-lite_avoid_getGitCommit_call.patch
  + etherpad-lite_default_config.patch
  + etherpad-lite_move_autogenerated_key_files_to_var.patch

• Files Changed
• Browse Source

- update to 1.8.7
  Compatibility-breaking changes
  * IMPORTANT: It is no longer possible to protect a group pad with a
    password. All API calls to setPassword or isPasswordProtected will fail.
    Existing group pads that were previously password protected will no longer be
    password protected. If you need fine-grained access control, you can restrict
    API session creation in your frontend service, or you can use plugins.
  * All workarounds for Microsoft Internet Explorer have been removed. IE might
    still work, but it is untested.
  * Plugin hook functions are now subject to new sanity checks. Buggy hook
    functions will cause an error message to be logged
  * Authorization failures now return 403 by default instead of 401
  * The authorize hook is now only called after successful authentication. Use
    the new preAuthorize hook if you need to bypass authentication
  * The authFailure hook is deprecated; use the new authnFailure and
    authzFailure hooks instead
  * The indexCustomInlineScripts hook was removed
  * The client context property for the handleMessage and
    handleMessageSecurity hooks has been renamed to socket (the old name is
    still usable but deprecated)
  * The aceAttribClasses hook functions are now called synchronously
  * The format of ENTER, CREATE, and LEAVE log messages has changed
  * Strings passed to $.gritter.add() are now expected to be plain text, not
    HTML. Use jQuery or DOM objects if you need formatting
  Notable new features
  * Users can now import without creating and editing the pad first
  * Added a new readOnly user setting that makes it possible to create users in
    settings.json that can read pads but not create or modify them
  * Added a new canCreate user setting that makes it possible to create users in
    settings.json that can modify pads but not create them

• Files Changed
• Browse Source

- update to 1.8.6
  IMPORTANT: This fixes a severe problem with postgresql in 1.8.5
  SECURITY: Fix authentication bypass vulnerability
  API: Update version to 1.2.15
  FEATURE: Add copyPadWithoutHistory API (#4295)
  FEATURE: Package more asset files to save http requests (#4286)
  MINOR: Improve UI when reconnecting
  TESTS: Improve tests
- refreshed/renamed all patches
- refreshed node_modules tarball

• Files Changed
• Browse Source

fix module package

• Files Changed
• Browse Source

- update to 1.8.5
  IMPORTANT DROP OF SUPPORT: Drop support for IE. Browsers now need async/await.
  IMPORTANT SECURITY: Rate limit Commits when env=production
  SECURITY: Non completed uploads no longer crash Etherpad
  SECURITY: Log authentication requests
  FEATURE: Support ES6 (migrate from Uglify-JS to Terser)
  FEATURE: Improve support for non-cookie enabled browsers
  FEATURE: New hooks for index.html
  FEATURE: New script to delete sessions.
  FEATURE: New setting to allow import withing an author session on a pad
  FEATURE: Checks Etherpad version on startup and notifies if update 
  is available. Also available in /admin interface.
  FEATURE: Timeslider updates pad location to most recent edit
  MINOR: Outdent UL/LI items on removal of list item
  MINOR: Various UL/LI import/export bugs
  MINOR: PDF export fix
  MINOR: Front end tests no longer run (and subsequently error) on pull requests
  MINOR: Fix issue with
  closing a list before it opens
  MINOR: Fix bug where large pads would fire a console error in timeslider
  MINOR: Fix ?showChat URL param issue
  MINOR: Issue where timeslider URI fails to be correct if padID is numeric
  MINOR: Include prompt for clear authorship when entire document is selected
  MINOR: Include full document aText every 100 revisions to make 
  pad restoration on database curruption achievable
  MINOR: Several Colibris CSS fixes
  MINOR: Use mime library for mime types instead of hard-coded.
  MINOR: Don't show "new pad button" if instance is read only
  MINOR: Use latest NodeJS when doing Windows build
  MINOR: Change disconnect logic to reconnect instead of silently failing

• Files Changed
• Browse Source

remove old sources

• Files Changed
• Browse Source

- added etherpad-lite-1.8.4-abiword_missing_AbiCommand.patch:
  + looks like the latest abiword 3.0.2 on Leap 15.1 does not work 
    together with etherpad-lite: "Plugin AbiCommand not found or loaded"
    => this patch simply falls back to the '--to' commandline 
       option of abiword to get the export done

• Files Changed
• Browse Source

- added etherpad-lite-1.8.4_avoid_getGitCommit_call.patch to avoid 
  "ENOENT: no such file or directory, lstat '/srv/www/etherpad-lite/.git'" 
  messages at server start
- rebased A    etherpad-lite-*_default_config.patch and
  etherpad-lite-*_move_autogenerated_key_files_to_var.patch

• Files Changed
• Browse Source

- update to 1.8.4
  This is a maintenance release after 1.8.3.
  Users relying on MySQL are particularly encouraged to upgrade.
  FIX: fix a performance regression on MySQL introduced in 1.8.3
  FIX: when running behind a reverse proxy and exposed in an inner directory, 
  fonts and toolbar icons should now be visible. 
  This is a regression introduced in 1.8.3
  FIX: cleanups in the UI after the CSS rehaul of 1.8.3
  MINOR: protect against bugged/stale UI elements after updates. An explicit
  cache busting via random query string is performed at each start. 
  This needs to be replaced with hashed names in static assets.
  MINOR: improved some tests
  MINOR: fixed long-standing bugs in the maintenance tools in /bin 
  (migrateDirtyDBtoRealDB, rebuildPad, convert, importSqlFile)
  from 1.8.3:
  FEATURE: colibris is now the default skin for new installs
  FEATURE: improved colibris visuals, and migrated to Flexbox layout
  FEATURE: skin variants: colibris skin colors can be easily customized. 
  Visit http://127.0.0.1:9001/p/test#skinvariantsbuilder
  REQUIREMENTS: minimum required Node version is 10.13.0 LTS.
  MINOR: stability fixes for the async migration in 1.8.0 
  (fixed many UnhandledPromiseRejectionWarning and the few remaining crashes)
  MINOR: improved stability of import/export functionality
  MINOR: fixed many small UI quirks (timeslider, import/export, chat)
  MINOR: Docker images are now built & run in production mode by default
  MINOR: reduced the size of the Docker images
  MINOR: better documented cookies and configuration parameters of the Docker image
  MINOR: better database support (especially MySQL)
  MINOR: additional test coverage
  MINOR: restored compatibility with ep_hash_auth

• Files Changed
• Browse Source

- update to 1.8.0
  SECURITY: change referrer policy so that Etherpad addresses aren't 
            leaked when links are clicked (discussion: #3636)
  SECURITY: set the "secure" flag for the session cookies when served
            over SSL. From now on it will not be possible to serve the
            same instance both in cleartext and over SSL
  FEATURE: code was migrated to async/await, getting rid of a lot 
           of callbacks (see #3540)
  FEATURE: support configuration via environment variables
  FEATURE: include an official Dockerfile in the main repository
  FEATURE: support including plugins in custom Docker builds
  FEATURE: conditional creation of users: when its password is null,
           a user is not created. This helps, for example, in advanced
           configuration of Docker images.
  REQUIREMENTS: minimum required Node version is 8.9.0 LTS. Release 
                1.8.3 will require at least Node 10.13.0 LTS
  MINOR: in the HTTP API, allow URL parameters and POST bodies to co-exist
  MINOR: fix Unicode bug in HTML export
  MINOR: bugfixes to colibris chat window
  MINOR: code simplification (avoided double negations, introduced
         early exits, ...)
  MINOR: reduced the size of the Windows package
  MINOR: upgraded the nodejs runtime to 10.16.3 in the Windows package
  SECURITY: avoided XSS in IE11
  SECURITY: the version is exposed in http header only when configured
  SECURITY: updated vendored jQuery version
  SECURITY: bumped dependencies
- refreshed modules tarball
- added README.openSUSE
- rebased A    etherpad-lite-*_default_config.patch and

• Files Changed
• Browse Source

add missing commatas

• Files Changed
• Browse Source

- update to 1.7.5
  NEW: Catch SIGTERM for graceful shutdown
  NEW: Show actual applied text formatting for caret position
  NEW: Add settings to improve scrolling of viewport on line changes
  NEW: Added pad shortcut disabling feature
  NEW: Create option to automatically reconnect after a few seconds
  FEATURE: introduced support for multiple skins. 
           See http://etherpad.org/doc/v1.7.5/#index_skins
  FEATURE: added a new, optional skin. It can be activated choosing 
           skinName: "colibris" in settings.json
  FEATURE: allow file import using LibreOffice
  SECURITY: updated many dependencies. No known high or moderate 
            risk dependencies remain.
  SECURITY: generate better random pad names
  SECURITY: updated MySQL, Elasticsearch and PostgreSQL drivers
  SECURITY: started updating deprecated code and packages
  SECURITY: Escape data when listing available plugins
  SECURITY: Update ejs
  SECURITY: xss vulnerability when reading window.location.href
  SECURITY: sanitize jsonp
  FIX: don't nuke all installed plugins if npm install fails
  FIX: improved LibreOffice export
  FIX: allow debug mode on node versions >= 6.3
  FIX: getLineHTMLForExport() no longer produces multiple copies of a line. 
       WARNING: this could potentially break some plugins
  FIX: authorship of bullet points no longer changes when a second 
       author edits them
  FIX: improved Firefox compatibility (non printable keys)
  FIX: getPadPlainText() was not working
  FIX: line numbers are aligned with text again (broken in 1.6.4)

• Files Changed
• Browse Source

- update to 1.6.1
- install pg-native and force usage

- update to 1.6.0:
  - SECURITY: Fix a possible xss attack in iframe link
  - NEW: Add a aceSelectionChanged hook to allow plugins to react
    when the cursor location changes.
  - NEW: Accepting Arrays on 'exportHtmlAdditionalTags' to handle
    attributes stored as ['key', 'value']
  - NEW: Allow admin to run on a sub-directory
  - NEW: Support version 5 of node.js
  - NEW: Update windows build to node version 4.4.3
  - NEW: Create setting to control if a new line will be indented
    or not
  - NEW: Add an appendText API
  - NEW: Allow LibreOffice to be used when exporting a pad
  - NEW: Create hook exportHtmlAdditionalTagsWithData
  - NEW: Improve DB migration performance
  - NEW: allow settings to be applied from the filesystem
  - NEW: remove applySettings hook and allow credentials.json to be
    part of core
  - NEW: Use exec to switch to node process
  - NEW: Validate incoming color codes
  - Fix: Avoid space removal when pasting text from word processor.
  - Fix: Removing style that makes editor scroll to the top on iOS
    without any action from the user
  - Fix: Fix API call appendChatMessage to send new message to all
    connected clients
  - Fix: Timeslider "Return to pad" button
  - Fix: Generating pad HTML with tags like instead of TAG:VALUE

• Browse Source