* kerberos_ldap_group: fix LDAP string duplication
* Avoid "hot idle": A series of rapid select() calls with zero timeout.
* Bug 3887: tcp_outgoing_tos not working for IPv6
* Fix cbdata 'error: expression result unused' errors
* Have testRock use cachemgr stubs
* Bug 3836: Fix issues with automake 1.13 and later and make check (extra)
* Bug 3836: Fix issues with automake 1.13 and later and make check
* Append Connection:close to OPTIONS requests when icap_persistent_connections is off.
* Add cache_miss_revalidate
* Bug 3480: StoreEntry::kickProducer() segfaults in store_client::copy()
* Fix CBDATA_CLASS2 macro definition
* libntlmauth: Fix string field truncation
* ntlm_fake_auth: pass DOMAIN data to Squid in original case
* Fix SQUID_CC_CHECK_ARGUMENT autoconf macro
* Polish: better WARNING when workers directive is ignore on reconfigure.
* Use IPv6 localhost nameserver on DNS configuration errors
* Bug 3923: cbdata and undefined behavior due to dynamic runtime enumeration
* Polish: report bytes received when bad content-length detected by quick-abort
* Bug 3918: Squid 3.3.9 Self Test Failures on Mac OS X 10.8
* Bug 3929: request_header_add not working for tunnel requests
* Fix pinning hierarchy log information
* Close idle client connections associated with closed idle pinned connections.
Changelog:
SeaMonkey-specific changes
Sorting messages by date can now be configured to look at the thread root instead of the newest message in it (pref: mailnews.sort_threads_by_root).
Plugins doorhangers now allow to activate different plugin types independently.
The proxy popup is now also available from the MailNews main window.
A new Recipients column has been added that shows all recipients (To, CC, BCC).
The default HTML5 audio/video player controls allow to change the playback rate now.
A "Validate this page" entry has been added to Tools/Web Development.
The Firefox devtools debugger can now be used to debug SeaMonkey remotely.
See the changes page for a more complete overview.
Mozilla platform changes
Web Audio support has been added.
CSS3 background-attachment:local support to control background scrolling has been implemented.
Many new ES6 functions have been implemented.
iframe document content can now be specified inline.
Fixed several stability issues.
Fixed in SeaMonkey 2.22
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
* Disable if test "A" = "A"; then fi test
SYntax error on SmartOS
* build is fine on SmartOS, hopefully other SunOS,
but I cannot confirm functionality now
* Remove DragonFly from SkThreadUtils_pthread_linux.cpp condition.
DragonFly has no cpuset(3) or CPU_SET(3) macros/functions.
It has usched_set(2), but I cannot implement with them.
Use SkThreadUtils_pthread_other.cpp instead.
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.
It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
This package tracks 24 extended support release branch.
* Enable pulseaudio by default, OSS support is dropped, and ALSA support
on NetBSD does not work properly for me
* Enable GStremer support for non-webm and non-theora video support
* Create alsa option, and enabled on Linux by default
Changelog:
NEW
Web Audio support
NEW
The find bar is no longer shared between tabs
CHANGED
If away from Firefox for months, you now will be offered the option to reset it to its default state while preserving your essential information
CHANGED
Resetting Firefox no longer clears your browsing session
DEVELOPER
CSS3 background-attachment:local support to control background scrolling
DEVELOPER
Many new ES6 functions implemented
HTML5
iframe document content can now be specified inline
FIXED
Blank or missing page thumbnails when opening a new tab
FIXED
Security fixes can be found here
Fixed in Firefox 25
MFSA 2013-102 Use-after-free in HTML document templates
MFSA 2013-101 Memory corruption in workers
MFSA 2013-100 Miscellaneous use-after-free issues found through ASAN fuzzing
MFSA 2013-99 Security bypass of PDF.js checks using iframes
MFSA 2013-98 Use-after-free when updating offline cache
MFSA 2013-97 Writing to cycle collected object during image decoding
MFSA 2013-96 Improperly initialized memory and overflows in some JavaScript functions
MFSA 2013-95 Access violation with XSLT and uninitialized data
MFSA 2013-94 Spoofing addressbar though SELECT element
MFSA 2013-93 Miscellaneous memory safety hazards (rv:25.0 / rv:24.1 / rv:17.0.10)
User-visible changes:
- Client- and server-side bugfixes:
* fix assertion on urls of the form 'file://./'
* stop linking against psapi.dll on Windows
* translation updates for Swedish
- Client-side bugfixes:
* revert: fix problems reverting moves
* update: fix assertion when file external access is denied
* merge: reduce network connections for automatic merge
* merge: fix path corruption during reintegration
* mergeinfo: fix crash
* ra_serf: verify the result of xml parsing
* ra_serf: improve error messages during commit
* ra_local: fix error with repository in Windows drive root
* fix crash on windows when piped command is interrupted
* fix crash in the crash handler on windows
* fix assertion when upgrading old working copies
- Server-side bugfixes:
* hotcopy: cleanup unpacked revprops with '--incremental'
* fix OOM on concurrent requests at threaded server start
* fsfs: improve error message when unsupported fsfs format found
* fix memory problem in 3rd party FS module loader
Developer-visible changes:
- General:
* allow compiling against serf 1.3 and later on Windows
- Bindings:
* javahl: canonicalize path for streaFileContent method
Fixed a bug in fixture loading signals handling
Fixed a bug in placeholder's primary key thousand formatting
Test fixes
Fixed use of cached content in the show_placeholder's preview mode
Fixed issues in cookie handling
Fixed minor unicode issues
Fixed a missing argument in ModelAdmin
Fixed a bug in WymEditor handling
Fixed bugs in migrations
Fixed bug in language fallback
Minor documentation fixes
* An issue with SQLite and default values that caused some migrations to fail has been fixed.
* South now recognises more Django MSSQL backends, and no longer fails to alter ForeignKeys that are in composite indexes.
* A small issue with the app cache on Django 1.6 has been fixed.
* The schemamigration and datamigration commands can now be properly inherited and their templates easily changed.
Upstream changes:
4.53 2013-10-30
- Fixed a few unsubscribe and error event bugs in Mojo::EventEmitter.
4.52 2013-10-29
- Improved Mojo::EventEmitter to allow unhandled error events to be fatal.
(powerman, sri)
4.51 2013-10-28
- Added tag_with_error helper to Mojolicious::Plugin::TagHelpers.
- Improved .ep template performance significantly, the number of helpers no
longer has any effect. (jberger, sri)
- Improved form_for performance.
- Improved built-in templates with documentation search.
- Fixed template inheritance bug in include helper.
- Fixed a few multipart form handling bugs.
mod_fastcgi: fix mix up of “mode” => “authorizer” in other fastcgi configs (fixes 2465, thx peex)
fix handling of If-Modified-Since if If-None-Match is present (don’t return 412 for date parsing errors);
follow current draft for HTTP/1.1, which tells us to ignore If-Modified-Since if we have matching etags.
[mod_fastcgi,log] support multi line logging (fixes 2252)
call ERR_clear_error only for ssl connections in CON_STATE_ERROR
reject non ASCII characters in HTTP header names
[mod_auth] use crypt() on encrypted password instead of extracting salt first (fixes 2483)
[mod_auth] add htpasswd -s (SHA1) support if openssl is used (needs openssl for SHA1). This doesn’t use any salt, md5 with salt is probably better.
[mod_auth] fix base64_decode (2484)
fix some bugs found with canalyze (fixes 2484, thx Zhenbo Xu)
fix undefined stuff found with clang
[cmake] Use TARGET_LINK_LIBRARIES instead of LINK_FLAGS for library dependencies, also add Wl,-as-needed to extra warnings (fixes 2448)
[mod_auth] fix invalid read in digest qop=auth-int handling (fixes 2478)
[auto* build] simplify autogen.sh, handle automake 1.13 test running (fixes 2490)
[mod_userdir] add userdir.active option, “enabled” by default
[core] return 501 Not Implemented in static file mode for all methods except GET/POST/HEAD/OPTIONS
[core] recognize more http methods to forward to backends (fixes 2346)
[ssl] use DH only if openssl supports it (fixes 2479)
[network] use constants available at compile time for maximum number of chunks for writev instead of calling sysconf (fixes 2470)
[ssl] Fix $HTTP[“scheme”] conditional, could be “http” for ssl connections if the ssl $SERVER[“socket”] conditional was nested (fixes 2501)
[ssl] accept ssl renegotiations if they are not disabled (fixes 2491)
[ssl] add option ssl.empty-fragments, defaulting to disabled (fixes 2492)
[auth] put REMOTE_USER into cgi environment, making it accessible to lua via lighty.req_env (fixes 2495)
[auth] new method “extern” to use already present REMOTE_USER (from magnet, ssl, …) (fixes 2436)
[core] remove requirement that default doc-root has to exist, there are reasonable scenarios not requiring static files at all
[core] check whether server.chroot exists
[mod_simple_vhost] fix cache; skip module if simple-vhost.server-root is empty (thx rm for reporting)
[mod_accesslog] add accesslog.syslog-level option (fixes 2480)
[core] allow files to be used as document-root (fixes 2475)
[core] set signal handlers before forking child processes in modules/plugins_call_set_defaults (fixes 2502)
Django 1.5.5 fixes a couple security-related bugs and several other bugs in the 1.5 series.
Readdressed denial-of-service via password hashers
Django 1.5.4 imposes a 4096-byte limit on passwords in order to mitigate a denial-of-service attack through submission of bogus but extremely large passwords. In Django 1.5.5, we’ve reverted this change and instead improved the speed of our PBKDF2 algorithm by not rehashing the key on every iteration.
Properly rotate CSRF token on login
This behaviour introduced as a security hardening measure in Django 1.5.2 did not work properly and is now fixed.
Bugfixes
Fixed a data corruption bug with datetime_safe.datetime.combine.
Fixed a Python 3 incompatability in django.utils.text.unescape_entities().
Fixed a couple data corruption issues with QuerySet edge cases under Oracle and MySQL.
Fixed crashes when using combinations of annotate(), select_related(), and only()
0.9 (2013-10-25)
webassets now support Python 3, and drops support for Python 2.5.
- Filter for Closure Soy templates (Michael Su).
- less filter can output source maps (Riccardo Forina).
- Support .pyc only deployments (Mike C. Fletcher).
- Jade template filter (Roshambo).
- YAMLLoader improvements (incl. Cédric Reginster).
- The gzip filter was removed.
Changes since 1.0.6:
* Python 3 compatibility fixes
* Redis CLI
* Dropped Flask-WTF dependency
* Upgraded to Select2 3.4.0
* Additional unit tests
* Separate loggers for each Flask-Admin component
* New, much more configurable datetime picker
* Spanish translation
* Form rendering rules
* Models: AJAX drop-down population for related models
* Models: Filter options can be translated
* Models: on_model_change now accepts third parameter is_created
* Models: New configurarion property form_extra_columns
* Models: Proper child field error highlighting
* Models: Save and continue button for edit views
* Models: FileUploadField and ImageUploadField
* Models: If Flask is running in debug mode, rethrow all exceptions
* Models: Backrefs are now displayed by default
* Models: If there are no models in the list view, message will be displayed
* MongoEngine: GridFS support for file and image uploads
* MongoEngine: Backend supports form_overrides, choices and other field
configuration properties
* MongoEngine: URLField and EmailField are now searchable
* MongoEngine: Embedded document configuration
* SQLAlchemy: Backend was renamed as flask.ext.admin.contrib.sqla
* SQLAlchemy: Automatic join for many-to-many relations
* SQLAlchemy: Fixed ambiguous primary key when building complex search query
in SQLAlchemy backend
* SQLAlchemy: Use joinedload for related model instead of subqueryload for
performance reasons
* SQLAlchemy: Improved inline model handling logic
* SQLAlchemy: Initial multi-pk support for inherited models
* SQLAlchemy: BigInt filtering support
(No changelog for 0.9.3 supplied, but includes maintainer change.)
Version 0.9.2
-------------
Released 2013/9/11
- Upgrade wtforms to 1.0.5.
- No lazy string for i18n `#77`_.
- No DateInput widget in html5 `#81`_.
- PUT and PATCH for CSRF `#86`_.
.. _`#77`: https://github.com/lepture/flask-wtf/issues/77
.. _`#81`: https://github.com/lepture/flask-wtf/issues/81
.. _`#86`: https://github.com/lepture/flask-wtf/issues/86
Version 0.9.1
-------------
Released 2013/8/21
This is a patch version for backward compitable for Flask<0.10 `#82`_.
.. _`#82`: https://github.com/lepture/flask-wtf/issues/82
Version 0.9.0
-------------
Released 2013/8/15
- Add i18n support (issue #65)
- Use default html5 widgets and fields provided by wtforms
- Python 3.3+ support
- Redesign form, replace SessionSecureForm
- CSRF protection solution
- Drop wtforms imports
- Fix recaptcha i18n support
- Fix recaptcha validator for python 3
- More test cases, it's 90%+ coverage now
- Redesign documentation
Version 1.0.5
-------------
Released September 10, 2013
- Fix a bug in validators which causes translations to happen once then
clobber any future translations.
- ext.sqlalchemy / ext.appengine: minor cleanups / deprecation.
- Allow blank string and the string 'false' to be considered false values
for BooleanField (configurable). This is technically a breaking change,
but it is not likey to affect the majority of users adversely.
- ext.i18n form allows passing LANGUAGES to the constructor.
Add LICENSE
Upstream changes:
0.11 2013-10-11 15:11:59 Europe/London
0.10 2013-09-27 15:05:03 Europe/London
- RT3008 Changed examples to be XSS free
- RT19063, RT25477 fixed handling of self closing tags,
for example '<hr />'
- * attribute rule can be a regexp
- callbacks in rules to check or adjust attributes with
custom code (RT15747)
Update DEPENDS
Upstream changes:
0.09010 2012-10-05
- Internal changes - all Repeatable/nested_name munging is moved out of
HTML::FormFu::Element::Repeatable into individual constraints
0.09009 2012-09-29
- Make sure object can('checked') before calling checked() (colinnewell)
- Updated Repeatable control to update id_field on DBIC::Unique if present
- Added support for arbitrary elements within Multi blocks so that they
don't need to support methods like _striing_field and label etc.
- ComboBox new get_select_field_nested_name(), get_text_field_nested_name()
accessors.
- Fieldset new legend_attributes() method.
- New form_error_message_class() method.
- Constraint 'when' callback now receives $constraint as 2nd argument.
0.09007 2012-01-23
- bump MooseX::Attribute::Chained version
0.09006 2012-01-23
- fixed deprecation warnings of MX::Attribute::Chained (bricas)
- Added placeholder attributes for types Text and Textarea with L10N support.
- Added L10N support for 'prefix' attributes for types Date and DateTime.
- Added 'attributes' support to types Date and DateTime.
Upstream changes:
4.50 2013-10-22
- Deprecated Mojo::UserAgent::app in favor of
Mojo::UserAgent::Server::app.
- Deprecated Mojo::UserAgent::app_url in favor of
Mojo::UserAgent::Server::url.
- Deprecated Mojo::UserAgent::detect_proxy in favor of
Mojo::UserAgent::Proxy::detect.
- Deprecated Mojo::UserAgent::http_proxy in favor of
Mojo::UserAgent::Proxy::http.
- Deprecated Mojo::UserAgent::https_proxy in favor of
Mojo::UserAgent::Proxy::https.
- Deprecated Mojo::UserAgent::no_proxy in favor of
Mojo::UserAgent::Proxy::not.
- Deprecated Mojo::UserAgent::need_proxy in favor of
Mojo::UserAgent::Proxy::is_needed.
- Deprecated Mojo::UserAgent::name in favor of
Mojo::UserAgent::Transactor::name.
- Added modules Mojo::UserAgent::Proxy and Mojo::UserAgent::Server.
- Added proxy and server attributes to Mojo::UserAgent.
- Removed deprecated attrs method from Mojo::DOM.
- Improved Mojo::Message to allow max_message_size check to be disabled.
- Fixed small assignment bug in content helper.
Upstream changes:
1.3119 26.10.2013
[ ENHANCEMENTS ]
* GH #965: Serializer also serialize content for DELETE.
(reported by Achim Adam)
[ BUG FIXES ]
* GH #959: hash randomization could cause .pl MIME to vary and test
to fail. (Olof Johansson)
* GH #961: fix bug in require_environment's logic. (reported by
sapphirecat)
[ DOCUMENTATION ]
* GH #962: Improvements of the Dancer::Test docs. (Tom Hukins)
= 1.4.4 / 2013-10-21
* Allow setting layout to false in specifically for a singe rendering engine.
(Matt Wildig)
* Allow using wildcard in argument passed to `request.accept?`. (wilkie)
* Treat missing Accept header like wild card. (Patricio Mac Adden)
* Improve tests and documentation. (Darío Javier Cravero, Armen P., michelc,
Patricio Mac Adden, Matt Wildig, Vipul A M, utenmiki, George Timoschenko,
Diogo Scudelletti)
* Fix Ruby warnings. (Vipul A M, Patricio Mac Adden)
* Improve self-hosted server started by `run!` method or in classic mode.
(Tobias Bühlmann)
* Reduce objects allocated per request. (Vipul A M)
* Drop unused, undocumented options hash from Sinatra.new. (George Timoschenko)
* Keep Content-Length header when response is a `Rack::File` or when streaming.
(Patricio Mac Adden, George Timoschenko)
* Use reel if it's the only server available besides webrick. (Tobias Bühlmann)
* Add `disable :traps` so setting up signal traps for self hosted server can be
skipped. (George Timoschenko)
* The `status` option passed to `send_file` may now be a string. (George
Timoschenko)
* Reduce file size of dev mode images for 404 and 500 pages. (Francis Go)
* Fixing build issues on OS X with CLOCK_MONOTONIC not being implemented on OS X.
* Make libmicrohttpd play nicely with upcoming libgcrypt 1.6.0.
* Improved configure checks for cURL.
* Signal connection termination as OK (and not as ERROR) if the
stream was terminated by the callback returning
MHD_CONTENT_READER_END_OF_STREAM. Also, release response
mutex before calling the termination callback, to avoid
possible deadlock if the client destroys the response in
the termination callback (due to non-recursiveness of the lock).
* Adding #define MHD_HTTP_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN.
* Also pass MHD connection handle in URI log callback.
* Improved check for proper OpenSSL version for libmicrospdy.
* Set IPV6_V6ONLY socket option correctly when IPv6 is
enabled (MHD_USE_IPv6) but not dual stack (MHD_USE_DUAL_STACK).
Upstream changes:
2013-08-22 Dave Cross <dave@dave.org.uk> - RELEASE_3.04
========================================================
Dave Cross <dave@dave.org.uk> (17):
* Finish removing all references to SnipURL.pm.
* Bump to version 2.05 for release.
* Removed support for shorl.pm (now in WWW::Shorten::Shorl distribution).
* Bumped version number. Removed shorl files from MANIFEST.
* Added Config::Auto to list of dependencies (it's used by the shorten
program). Bumped version for release.
* Default to using a service that we currently support.
* Added MYMETA.yml to MANIFEST.SKIP.
* Be far more intelligent about the code that allows the user to choose
which service to use.
* Bump version number for release.
* Better examples of using bin/shorten
* Added a WWW::Shorten::UserAgent object which dies if it receives an HTTP
error response.
* Added documentation.
* Added META.json to MANIFEST.
* Licensing clean-up.
* Removed prototypes (and the ampersands in the tests that circumvented
them)
* Bump version number for release.
* Moved Pod tests into xt. (Pod coverage currently fails on some files. See
https://rt.cpan.org/Ticket/Display.html?id=87634 for details.)
Dave Cross <dave@angel.mag-sol.com> (1):
* Removed support for NotLong and OneShortLink (separate distributions to
follow soon). Bumper to version 2.06.
Dave Cross <dave@dacross.(none)> (1):
* Removed version number so it's picked up from lib/WWW/Shorten.pm
yappo <yappo@shibuya.pl> (1):
* shorl.com was change the request method ( POST to GET )
Router::Simple is a simple router class. Its main purpose is to serve as a
dispatcher for web applications. Router::Simple can match against PSGI $env
directly, which means it's easy to use with PSGI supporting web frameworks.
